[Owasp-csrfguard] Help with test application

Sam Theman xray316 at hotmail.com
Tue Oct 25 08:17:29 EDT 2011


Hello,
I have installed the test application on weblogic, and it seems to load fine, and I can bring up the index page and then the "JavaScript Token Injection"  test page....  But I am not sure what I should be seeing.... it seems like everything comes up  "thwarted", like the below, unless I put it in the unprotected list:
[Tue Oct 25 08:13:17 EDT 2011] [Info] CsrfGuard analyzing request /Owasp.CsrfGuard.Test/index.html[Tue Oct 25 08:13:20 EDT 2011] [Info] CsrfGuard analyzing request /Owasp.CsrfGuard.Test/javascript.html[Tue Oct 25 08:13:20 EDT 2011] [Info] CsrfGuard analyzing request /Owasp.CsrfGuard.Test/HelloServlet[Tue Oct 25 08:13:20 EDT 2011] [Error] potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:129.6.84.222, uri:/Owasp.CsrfGuard.Test/HelloServlet, error:required token is missing from the request)[Tue Oct 25 08:13:20 EDT 2011] [Info] CsrfGuard analyzing request /Owasp.CsrfGuard.Test/JavaScriptServlet[Tue Oct 25 08:13:20 EDT 2011] [Info] CsrfGuard analyzing request /Owasp.CsrfGuard.Test/JavaScriptServlet[Tue Oct 25 08:13:20 EDT 2011] [Info] CsrfGuard analyzing request /Owasp.CsrfGuard.Test/error.html[Tue Oct 25 08:13:20 EDT 2011] [Info] CsrfGuard analyzing request /Owasp.CsrfGuard.Test/JavaScriptServlet[Tue Oct 25 08:13:20 EDT 2011] [Info] CsrfGuard analyzing request /Owasp.CsrfGuard.Test/HelloServlet[Tue Oct 25 08:13:20 EDT 2011] [Info] CsrfGuard analyzing request /Owasp.CsrfGuard.Test/JavaScriptServlet
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20111025/957f4e8e/attachment.html 


More information about the Owasp-csrfguard mailing list