Yesterday we landed an update for Rforge. Now you can generate CSRF (Cross-site Request Forgery) attacks from very complex HTTP requests using four distinct strategies, which are automatically selected for you. You can still modify the generated attack pages to your likings to add that extra magic of yours.
Rforge now includes the indispensable test button. The URLs generated from the testing facility can be directly embedded in your own demos, proof of concepts, etc.
This is pretty much it. We made the whole process so simple that it is not worth talking about it much. Just login and try it for yourself. We will push another article soon, which will be about the different ways CSRF attacks can be constructed depending on the type of HTTP request we want to imitate.
Happy Doomsday!Comments Powered ByDisqus