# This is the XSRF demo:

misc-settings
set fuzzCookie True
back

plugins

discovery webSpider
discovery config webSpider
set onlyForward True
back

audit xss

output console,textFile
output config textFile
set fileName output-w3af.txt
set verbose True
back
back

target
set target http://localhost/w3af/core/cookieFuzzing/cf.php
back

start

assert len( kb.kb.getData('xss', 'xss') ) == 1

exit