CSRFER – Tool To Generate CSRF Payloads Based On Vulnerable Requests

CSRFER – Tool To Generate CSRF Payloads Based On Vulnerable Requests

CSRFER is a device to generate csrf payloads, primarily based on susceptible requests.

It parses equipped requests to deliver either a form or a fetch ask for. The payload can then be embedded in an html template.

Set up


_____ _________________ ___________
/ __ / ___| ___ ___| ___| ___
| / / `--.| |_/ / |_ | |__ | |_/ /
| | `--. /| _| | __|| /
| __//__/ / | | | | |___| |
____/____/_| __| ____/_| _|

-.--.
) " '-,
',' 2 _
q .
_.--' '----.__
/ ._ _.__ __
_.'_.' _ .-.__ '-, }
(,/ _.----( . ~
____ ( .____ /_/
( '-._ |
'._ ),> _) >
'-._ c=" Cooo -._
"-._ '.
'-._ `
snd '-._ '.
'-._
`~---'

Utilization:

Utilization: csrfer [options]

Selections:
--model Demonstrate version variety
-r, --ask for Path to the ask for file to be utilized
-m, --manner Manner to produce the code. Obtainable options: type, fetch. (Default is sort)
-a, --autosubmit Vehicle post the ask for on site load
-s, --show Exhibit the sort inputs (only for kind mode)
-o, --output Output the payload to the specified file in its place of STDOUT
-t, --template Route to an html template website page. Use the placeholder Material to specify wherever to
inject the code (in html, not JS)
-T, --defaulttemplate Use this choice if you want the code to be injected into a default html page.
-h, --enable Present assist

Illustrations:
csrfer -r req.txt -m type -a Mechanically submit a kind request
csrfer -r req.txt -m kind -s Crank out and displays a kind to be submitted manually
csrfer -r req.txt -m fetch -t my_template.html Generates a fetch ask for and takes advantage of the provided template
web site

Case in point output





This is Hello Environment site



Good day Earth



<form id="csrf" name="csrf" action="http://localhost:8000/1.php" method="POST"
enctype="application/x-www-form-urlencoded"><input id='destination' name="destination" type="hidden"
value="123-123123-123" />

<input
type="submit" value="submit">


JsaHZGJDG I

Graphic and Post Source website link

Go through More on Pentesting Instruments

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: