
I am trying to run the CSRFTester tool from OWASP to check for CSRF attacks on my web application. I am able to generate an HTML report from the tool but I don't know how to use it. I tried googling it but to no avail. Here are the steps I am following till now:

> 1. Log in to my web application.
> 2. Access the business logic function page.
> 3. Start recording (CSRFTester).
> 4. Enter the data in the form and click on submit.
> 5. CSRFTester will store all the information related to this request.
> 6. I modified the value of two parameters from 10,20 to 150,300.
> 7. Generated the form HTML report and saved it on my desktop.
> 8. Opened a new browser. Logged into my web application with a different user.
> 9. Navigate to the business logic function page.

From here on I don't know what exactly I have to do to test for CSRF and how to do it. Please guide me. Material available over the net for using this tool has repeatedly stated the same thing, which I am not able to understand.

The sites quote:

> Once you generate the report, open a new browser instance, authenticate as another user with access to the same business function(s) of your testing site, and then have them launch the newly created HTML report file. If the action takes effect after viewing the file in the same browser window that was used to authenticate the victim, then that particular function is vulnerable to CSRF (cross-site request forgery).

Please guide me. Also, if anyone knows about any free tool to test for CSRF vulnerabilities then please let me know. I tried using Acunetix but to no avail.

AngelsandDemons

1 Answer

First of all, please be sure you understand how CSRF works, but if you are using the tool and you are concerned about this problem you already know it.

The report should be an HTML page with some JavaScript code that generates the same requests that you executed while the app was running, so:

  1. Run the app and perform some actions in the web application.
  2. Open a new session with a new user.
  3. Open in the same browser the file CSRFTester just generated.
  4. See if the changes you made in the other profile are also done in the current profile.

If you are not seeing any changes, be sure that the actions you perform in the web app are common actions between users, such as changing user details.

Pedro Laguna
  • I did what you told me exactly. The problem is that the link which I generated for the CSRF attack, when clicked, shows me the session expired page of my web application. When a victim logs in and clicks on that link I am getting the Session Expired page and the value is also not getting submitted in the DB (i.e. the call is not made). – AngelsandDemons Oct 15 '11 at 11:55
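The server-side check that makes a replayed report like the one described in this thread fail, as an added example that is not from the question, the answer or CSRFTester; the session ids, parameter names, application origin and function names are constructed assumptions:

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed example: the synchronizer-token check a defender adds to the
# business-logic form under test. issue_token, validate_request, SERVER_SECRET
# and APP_ORIGIN are hypothetical names, not part of CSRFTester or the app.
SERVER_SECRET = b"constructed-secret-rotate-per-deployment"
APP_ORIGIN = "https://app.example"  # constructed origin of the tested app


def issue_token(session_id: str) -> str:
    """Token bound to one session; the app embeds it in its own form only."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def validate_request(session_id: str, form: dict, origin: Optional[str]) -> Tuple[bool, str]:
    """Accept the POST only if it carries the token of the session that sends it.

    `origin` is the Origin header. A form launched from a saved HTML report
    arrives with a null or absent Origin and is rejected before the token check.
    """
    if origin != APP_ORIGIN:
        return False, "origin mismatch"
    token = form.get("csrf_token", "")
    if not token:
        return False, "missing token"
    if not hmac.compare_digest(token, issue_token(session_id)):
        return False, "token not bound to this session"
    return True, "accepted"


def demo() -> dict:
    victim = "sess-victim-0001"    # constructed session of the second user
    recorder = "sess-recorder-09"  # constructed session of the recording user
    # Legitimate submission made through the application's own page.
    legit = {"amount": "10", "limit": "20", "csrf_token": issue_token(victim)}
    # Replay built from the recorded request (10,20 -> 150,300): no token, and
    # opened from a local file, so the browser sends Origin: null.
    replay = {"amount": "150", "limit": "300"}
    # Replay carrying the token captured in the recording user's session; the
    # origin is set to APP_ORIGIN here only to isolate the token-binding check.
    reused = dict(replay, csrf_token=issue_token(recorder))
    return {
        "legit": validate_request(victim, legit, APP_ORIGIN),
        "replay": validate_request(victim, replay, "null"),
        "reused_token": validate_request(victim, reused, APP_ORIGIN),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13s} -> {result}")
```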