Home
Consulting
Advisories
Software
Articles
Contact

Fiddler XSRF Inspector Quick Start

Quick Start Guide | Download

Finding and exploiting a cross-site request forgery using Fiddler XSRF Inspector is trivial. The first step is to identify a privileged action to replicate. Some commonly targeted actions are listed below. Once a target has been selected, populate the appropriate form fields with data and set a breakpoint in Fiddler before submitting the form.



After submitting the form stop the request in the browser. In Fiddler disable the break point or stop capturing but do not resume the captured request. Under the Inspectors tab select XSRF. If the request method is POST both GET and POST options will be available for testing, otherwise only GET is available.



Click the test button and observe the application to see if the desired affects have been achieved.

Copyright © 2018 AutoSec Tools LLC