Test environment: phpStudy, DVWA, Burp Suite
Demonstration steps:
<1> Use the Burp proxy to submit the content
(the small FoxyProxy plug-in is recommended for the proxy setup)
<2> In Burp, find the option that automatically generates a CSRF PoC
<3> Burp displays the automatically generated PoC
The automatically generated code does not always work as-is, so it is best to adjust parts of it
<4> Copy the HTML code into a newly created file, csrf.html
<5> Open the file
<6> Click to send the request
You can see that the password was successfully changed.
Although this method works, it only succeeds if the user interacts with the page, so we need to change the code to make it harder to notice.
<7> Add two lines of JavaScript so that the request is sent automatically
<8> Open the page again to verify: it now jumps quickly, which greatly reduces the chance of being noticed
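
The steps above succeed because the application accepts the password change on the session cookie alone. The following Python sketch is an added example, not part of the original walkthrough: it shows a server-side check that refuses such a request by validating the Origin header and a session-bound token. The key, the origin and the form field names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed values for this sketch (not from the page).
SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret
ALLOWED_ORIGIN = "http://dvwa.example"    # placeholder site origin


def issue_token(session_id: str) -> str:
    """Token the server embeds in its own password-change form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_request(session_id: str, headers: dict, params: dict) -> str:
    """Return 'accept' or the reason a state-changing request is refused."""
    # 1. Browsers attach Origin to cross-site form POSTs; a page served from
    #    another site or opened from disk (Origin: null) does not match.
    origin = headers.get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return "reject: foreign origin"
    # 2. The session cookie is sent automatically, the token is not: a forged
    #    form cannot read it from the real page.
    supplied = params.get("user_token", "")  # assumed field name
    expected = issue_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "reject: bad or missing token"
    return "accept"


def demo() -> dict:
    sid = "constructed-session-id"  # constructed sample value
    change = {"password_new": "x", "password_conf": "x"}  # assumed field names
    good = {**change, "user_token": issue_token(sid)}
    stale = {**change, "user_token": issue_token("other-session")}
    return {
        # Form served by the application itself, token included.
        "legit": check_request(sid, {"Origin": ALLOWED_ORIGIN}, good),
        # csrf.html opened from disk: same cookie, no token, Origin "null".
        "forged_file": check_request(sid, {"Origin": "null"}, change),
        # Request that arrives without any Origin header: the token decides.
        "forged_no_origin": check_request(sid, {}, change),
        # A token minted for another session is not interchangeable.
        "wrong_session": check_request(sid, {"Origin": ALLOWED_ORIGIN}, stale),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The token check is the decisive control; the Origin comparison is a second layer that also rejects the auto-submitting variant from step <7>, since removing the click does not change where the request comes from.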