Hi all!
I'm testing a DVWA web application. Now I'm on the Cross Site Request Forgery vulnerability.

I have 3 VM:
- Metasploitabe_VM (the web server)
- BT4_VM (the attacker with CSRFTester)
- BT5_VM (a simple client)

To capture the request I use CSRFTester that work like a proxy and listen on the port 8008.
So I have to start CSRFTester recording (on BT4_VM); open firefox (always on BT4_VM), set the proxy on port 8008, connect to the web server and test the Cross Site Request Forgery.
Up here all works great.
My problem is:
if the connection request to web server came from another machine (BT5_VM) how can the CSRFTester (listening on BT4_VM 8008 port) work? Ettercap? Wireshark? Port redirection?
Thank to all