bwapp CSRF Change Secret

Published: 19 March 2022
on channel: PseudoTime

bwapp CSRF (Change Secret) - Low Security Level

Solution:

Step 1. Follow the steps as shown in the video

a. Start Zap.

b. Open the browser inside Zap. I have already started it to save some time.

c. Log in to bWAPP and select the lesson page (please refer to the video).

d. Enter the secret of your choice - I am giving the input as pseudo.
Click on Change.

e. Go back to your Zap application, right-click on the
POST http://10.0.2.15/bWAPP/csrf_3.php HTTP/1.1 request and
select Generate Anti-CSRF Test Form.

f. A new window will open with a new URL.

g. Right-click, select View Page Source, copy the source code, paste it into any text editor of your choice and save the file with an .html extension.

h. In the newly saved file, change the value pseudo to a new value of your choice - I am changing it to time - and save the file.

i. Go to the location where the .html file is stored.

j. Open it with the browser of your choice and notice that the value you added is displayed in the secret textbox field.

k. Click on Submit - you can see the output: The secret has been changed!

Note: This lesson can be solved in more than one way. Explore the other ways.
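Why the saved .html file works, and what stops it, as an added example that is not part of this walkthrough or of bWAPP's own code: the low security level of csrf_3.php accepts any POST that arrives with the victim's session cookie, so a form served from another origin can change the secret. The hardened handler below adds a per-session synchronizer token (which a cross-origin page cannot read) and an Origin/Referer check. The handler names, the session dict, the request dicts and the attacker origin are constructed for this illustration; only the bWAPP host 10.0.2.15 comes from the page.

```python
"""
Model of the bWAPP "change secret" handler: the low-security behaviour next
to a hardened version with a synchronizer token and an Origin check.
Added example; the session/request dicts and names are constructed here.
"""
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed: the only origin from which the secret may legitimately be changed
# (the bWAPP host shown in the walkthrough).
ALLOWED_ORIGIN = "http://10.0.2.15"


def new_session(user: str) -> dict:
    """Server-side session; a random CSRF token is minted at login."""
    return {"user": user, "secret": "initial",
            "csrf_token": secrets.token_urlsafe(32)}


def change_secret_low(session: dict, form: dict) -> str:
    """Low security level: trusts the session cookie alone, so a form
    submitted by the victim's browser from any site is accepted."""
    if "secret" not in form:
        return "Missing secret"
    session["secret"] = form["secret"]
    return "The secret has been changed!"


def same_origin(url: str) -> bool:
    """Compare scheme and host:port exactly, not by string prefix."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def change_secret_protected(session: dict, form: dict, headers: dict) -> str:
    """Hardened: reject cross-origin requests, then require the session's
    CSRF token, which only same-origin pages can embed in the form."""
    origin = headers.get("Origin") or headers.get("Referer", "")
    if not same_origin(origin):
        return "Rejected: cross-origin request"
    supplied = form.get("csrf_token", "")
    # compare_digest avoids leaking token bytes through timing differences
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return "Rejected: missing or invalid CSRF token"
    if "secret" not in form:
        return "Missing secret"
    session["secret"] = form["secret"]
    return "The secret has been changed!"


def demo() -> dict:
    """Run both handlers against a genuine in-app submission and the forged
    one a saved cross-origin .html form would produce."""
    session = new_session("bee")
    genuine_form = {"secret": "pseudo", "action": "change",
                    "csrf_token": session["csrf_token"]}
    genuine_headers = {"Origin": ALLOWED_ORIGIN}
    # The forged form can choose the field values but cannot read the token.
    forged_form = {"secret": "time", "action": "change"}
    forged_headers = {"Origin": "http://attacker.example"}  # constructed value

    results = {}
    results["low_genuine"] = change_secret_low(session, genuine_form)
    results["low_forged"] = change_secret_low(session, forged_form)
    results["secret_after_low"] = session["secret"]

    session["secret"] = "initial"
    results["protected_genuine"] = change_secret_protected(
        session, genuine_form, genuine_headers)
    results["protected_forged"] = change_secret_protected(
        session, forged_form, forged_headers)
    results["secret_after_protected"] = session["secret"]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Under the low handler the forged submission succeeds and the secret ends up as time; under the protected handler the same submission is rejected before the token is even compared, and a request that spoofs a correct Origin but carries no token is rejected by the token check. In a real application the token would be rendered into the form by the server and the Origin check used as a second layer, not a replacement for the token.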

PseudoTime