CSRFTester Usage

Overview
The following article describes how to utilize the OWASP CSRFTester to generate test cases during an application security assessment. To download the tool, please visit the OWASP CSRFTester project page at https://www.owasp.org/index.php/Category:OWASP_CSRFTester_Project

Launch OWASP CSRFTester

 * Update JAVA_HOME in run.bat to ensure appropriate access to the JVM.
 * Double-click run.bat to launch CSRFTester with the appropriate classpath configuration

The CSRFTester distribution contains three files: run.bat, OWASP-CSRFTester-1.0.jar, and concurrent.jar. The run.bat script configures the classpath to include the required jars and invokes the appropriate main class. Currently, the batch script assumes your JDK runtime exists under C:\AppSecWorkbench\jdk16\jre. Obviously, this will not be the correct location of your JVM. Make sure you update the JAVA_HOME environment variable in run.bat before attempting to execute the batch file. Assuming proper configuration, executing run.bat should launch CSRFTester. If an error occurs, evident when the command line interface quickly disappears, consider opening up a separate CLI and 'CD' directly to the folder of your run.bat file and execute it via command line. Any errors that may occur will display to stdout.