Exercise #3: CSRF

Description

Perform an ethical hacking exercise: add an undesired product item to a victim's shopping cart.
    1. Set Firefox proxy setting to
      Manual proxy
      HTTP Proxy: localhost
      Port: 8080 
    2. Set Burp proxy setting to
      Port: 8080
      Intercept On
    3. In Chrome or IE
      • Visit the victim online store
      • Add one product to the cart
      • View cookies (right-click the page -> Inspect Elements -> Resources -> Cookies)
      • Copy cookie value of ASP.NET_SessionId and the cart ID
    4. In Firefox
      • Visit the victim online store
      • Add one product item to the cart
      • Intercept, replace cookie value of ASP.NET_SessionId and cart ID, then forward
    5. In Chrome or IE
      • View cart
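
Seen from the store's side, steps 3 to 5 produce one ASP.NET_SessionId value arriving from two different browsers. The following detection sketch is an added example, not part of the original exercise; the log line format, the `CartId` cookie name and all sample values are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed format: ip "request" "user-agent" "cookie header").
# "CartId" is a hypothetical cookie name; the exercise only calls it "the cart ID".
SAMPLE_LOG = '''\
10.0.0.5 "POST /cart/add HTTP/1.1" "Mozilla/5.0 Chrome/120.0" "ASP.NET_SessionId=abc123; CartId=c-77"
10.0.0.5 "POST /cart/add HTTP/1.1" "Mozilla/5.0 Firefox/121.0" "ASP.NET_SessionId=abc123; CartId=c-77"
10.0.0.9 "GET /cart HTTP/1.1" "Mozilla/5.0 Firefox/121.0" "ASP.NET_SessionId=zzz999; CartId=c-12"
10.0.0.5 "GET /cart HTTP/1.1" "Mozilla/5.0 Chrome/120.0" "ASP.NET_SessionId=abc123; CartId=c-77"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<req>[^"]*)" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)


def parse_cookies(header):
    """Split a Cookie header into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def find_shared_sessions(log_text):
    """Return session IDs presented by more than one User-Agent.

    Maps each flagged session ID to the sorted (ip, user-agent) pairs
    that sent it, so an analyst can see which clients shared the cookie.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        sid = parse_cookies(match.group("cookie")).get("ASP.NET_SessionId")
        if sid:
            seen[sid].add((match.group("ip"), match.group("ua")))
    return {
        sid: sorted(clients)
        for sid, clients in seen.items()
        if len({ua for _, ua in clients}) > 1
    }


if __name__ == "__main__":
    for sid, clients in find_shared_sessions(SAMPLE_LOG).items():
        print(sid, clients)
```

A changed User-Agent alone is a weak signal (browser updates also cause it), so treat a hit as a lead to correlate with cart changes rather than as proof.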