CSCI 5234 Web Security
Lab1
Cross Site Request Forgery (CSRF) Attacks
Configure the Virtual Machines:
1. Follow the instructions given in the Lab Setup page to download and install the virtual machines
(VMs).
2. Configure the Virtual Machines after having installed the VMs:
NOTE: A VM must be off in order to be configured.
Click and open the Settings (Figure 1).
Figure 1: Configuring the VMs
3. Open the settings for the Server virtual machine.
a. In the General: Advanced tab, set Shared Clipboard and Drag’n’Drop to Bidirectional.
b. In the Network: Adapter 1 tab, set the “Attached to” field to Bridged Adapter. Click the arrow to show
advanced settings and change “Promiscuous Mode” to Allow VMs.
4. Right-click on the Server VM and select Clone. (Note: the VM must be Powered Off.)
Name the new virtual machine “Attacker”, select “Reinitialize the MAC address”, and create a
Full Clone.
5. Lab environment setup:
In the Victim VM, modify the /etc/hosts file to map the domain names
www.csrflabattacker.com and www.csrflabelgg.com to the attacker machine’s IP address
(replace 192.168.0.165 with the attacker machine’s IP address):
192.168.0.165 www.csrflabelgg.com
192.168.0.165 www.csrflabattacker.com
6. Apache configuration: Restart Apache
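
Step 5's /etc/hosts change as a re-runnable shell function (an added example, not part of the original lab handout): it replaces any earlier entries for the two lab hostnames instead of appending duplicates, so the mapping stays unambiguous when the attacker VM's IP address changes. The function name set_lab_hosts and its optional file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lab handout). Run as root on the Victim VM:
#   sh set_lab_hosts.sh 192.168.0.165
# An optional second argument names a different file, e.g. a copy of /etc/hosts.

LAB_HOSTS="www.csrflabelgg.com www.csrflabattacker.com"

set_lab_hosts() {
    ip=$1
    file=${2:-/etc/hosts}

    # Reject anything that is not shaped like a dotted-quad IPv4 address.
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "invalid IPv4 address: $ip" >&2
        return 1
    fi

    tmp=$(mktemp) || return 1

    # Copy the file, dropping every non-comment line that names a lab host.
    # A dropped line is removed whole, including any other aliases on it.
    awk -v hosts="$LAB_HOSTS" '
        BEGIN { n = split(hosts, h, " ") }
        /^[ \t]*#/ { print; next }
        {
            for (i = 2; i <= NF; i++)
                for (j = 1; j <= n; j++)
                    if ($i == h[j]) next
            print
        }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Append one fresh entry per lab hostname.
    for name in $LAB_HOSTS; do
        printf '%s %s\n' "$ip" "$name" >> "$tmp"
    done

    # Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Only act when an IP address was given on the command line.
if [ "$#" -ge 1 ]; then
    set_lab_hosts "$@"
fi
```

Afterwards, `getent hosts www.csrflabelgg.com` on the Victim VM should print the attacker machine's IP address.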