CompTIA PenTest+ (PT0-003) — Question 33

A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?

Answer options

• A. Browser Exploitation Framework
• B. Maltego
• C. Metasploit
• D. theHarvester

Correct answer: A

Explanation

The Browser Exploitation Framework (BeEF) is specifically designed to exploit web browsers, making it suitable for CSRF attacks to extract sensitive data. Maltego is primarily used for data mining and analysis, Metasploit is a framework for penetration testing generally, and theHarvester is focused on gathering email addresses and domain information, making them inadequate for exploiting CSRF vulnerabilities.