Question: 4.1 Task 1: CSRF Attack using GET Request This requires Firefox to be started in both the Boby command window and in the Alice command

4.1 Task 1: CSRF Attack using GET Request

This requires Firefox to be started in both the Boby command window and in the Alice command window. This allows the 2 different users to be logged into 2 different browsers at the same time with different session ids. To bring up the Elgg program, type firefox in each window, then type the URL to the Elgg Web Application.

In this task, we need two people in the Elgg social network: Alice and Boby. Boby wants to become a friend to Alice, but Alice refuses to add Boby to her Elgg friend list. Boby decides to use the CSRF attack to achieve his goal. He sends Alice a URL (via a posting in Elgg); Alice, curious about it, clicks on the URL, which leads her to Boby's web site: www.cerflabattacker.com.

Pretend that you are Boby, describe how you construct the content of the web page, so as soon as Alice visits the web page, Boby is added to the friend list of Alice (assuming Alice has an active session with Elgg). To add a friend to the victim, we need to identify the Add Friend HTTP request, which is a GET request.

In this task, you are NOT allowed to write JavaScript code to launch the CSRF attack. Your job is to make the attack successful as soon as Alice visits the web page, without even making any click on the page (hint: you can use the img tag, which automatically triggers an HTTP GET request).

NOTE: Depending on the setup, you will more than likely need to create your HTML page in the /home/attacker/ folder, which is writeable for you, then create the link to it appropriately
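
On the defending side, the request in this task succeeds only because the application performs a state change on a GET and trusts the session cookie alone. The following is an added example, not code from the lab handout or from Elgg, of a server-side check that refuses such a request; `checkStateChange`, `csrfToken` and the sample requests are assumptions made for illustration.

```javascript
// Added example: gate for a state-changing action such as "add friend".
// checkStateChange, aliceSession.csrfToken and the sample requests are hypothetical.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Compare two strings without stopping at the first mismatching character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function checkStateChange(req, session) {
  // 1. An <img> tag can only issue GET, so state changes never ride on safe methods.
  if (SAFE_METHODS.has(req.method)) return { allow: false, reason: "safe method" };
  // 2. Fetch Metadata: when the browser sends Sec-Fetch-Site, require same-origin.
  const site = (req.headers || {})["sec-fetch-site"];
  if (site !== undefined && site !== "same-origin") return { allow: false, reason: "cross-site" };
  // 3. Per-session secret that a page on another origin cannot read.
  const sent = (req.body || {}).csrfToken;
  if (!session || !constantTimeEqual(sent, session.csrfToken)) return { allow: false, reason: "bad token" };
  return { allow: true, reason: "ok" };
}

// Constructed sample data: one logged-in session and four incoming requests.
const aliceSession = { user: "alice", csrfToken: "constructed-token-3f9a1c" };
const samples = {
  imgGet: { method: "GET", headers: { "sec-fetch-site": "cross-site", "sec-fetch-dest": "image" } },
  crossSitePost: { method: "POST", headers: { "sec-fetch-site": "cross-site" }, body: {} },
  noTokenPost: { method: "POST", headers: {}, body: {} },
  ownForm: { method: "POST", headers: { "sec-fetch-site": "same-origin" },
             body: { csrfToken: "constructed-token-3f9a1c" } },
};

// Run every sample through the gate and collect the decision reason per request.
function runSamples() {
  const out = {};
  for (const [name, req] of Object.entries(samples)) out[name] = checkStateChange(req, aliceSession).reason;
  return out;
}

console.log(runSamples());
```

The `noTokenPost` case covers browsers that send no `Sec-Fetch-Site` header, where the per-session token is the check that still holds.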
