How to test if a web page is vulnerable to a cross site scripting (CSRF) attack

Let’s assume you have created an account and have logged in to a website. Among the options you have, there is one where you can edit your profile. Once we land on that page, we want to check if there is a protection against a CSRF (cross-site scripting) attack.

First thing is to view the source and inspect the form.

Immediately you can see one thing that is missing, a random text/token (usually 8 or more characters). Something like this:

Why is a CSRF token important ? Well, in this case, without a CSRF token, if a user clicks on a link while he/she is logged in, the profile data can be changed.

Imagine you are buying something on a website and while you have the items in the cart, you visit a webpage that is able to change your address so when you click on the “Buy” button, the items will be shipped somewhere else. You can find more examples here.

To see it in action, assuming that you’re using Burp, edit your profile, locate the request in the HTTP history, right click on it and select  “Send it to Repeater”.

You can then edit the parameters with new values and submit it. When you refresh the page in the browser, you should be able to see the new values.