CSRFER – Tool To Generate CSRF Payloads Based On Vulnerable Requests
CSRFER is a device to generate csrf payloads, primarily based on susceptible requests.
It parses equipped requests to deliver either a form or a fetch ask for. The payload can then be embedded in an html template.
Set up
_____ _________________ ___________
/ __ / ___| ___ ___| ___| ___
| / / `--.| |_/ / |_ | |__ | |_/ /
| | `--. /| _| | __|| /
| __//__/ / | | | | |___| |
____/____/_| __| ____/_| _|
-.--.
) " '-,
',' 2 _
q .
_.--' '----.__
/ ._ _.__ __
_.'_.' _ .-.__ '-, }
(,/ _.----( . ~
____ ( .____ /_/
( '-._ |
'._ ),> _) >
'-._ c=" Cooo -._
"-._ '.
'-._ `
snd '-._ '.
'-._
`~---'
Utilization:
Utilization: csrfer [options]
Selections:
--model Demonstrate version variety
-r, --ask for Path to the ask for file to be utilized
-m, --manner Manner to produce the code. Obtainable options: type, fetch. (Default is sort)
-a, --autosubmit Vehicle post the ask for on site load
-s, --show Exhibit the sort inputs (only for kind mode)
-o, --output Output the payload to the specified file in its place of STDOUT
-t, --template Route to an html template website page. Use the placeholder Material to specify wherever to
inject the code (in html, not JS)
-T, --defaulttemplate Use this choice if you want the code to be injected into a default html page.
-h, --enable Present assist
Illustrations:
csrfer -r req.txt -m type -a Mechanically submit a kind request
csrfer -r req.txt -m kind -s Crank out and displays a kind to be submitted manually
csrfer -r req.txt -m fetch -t my_template.html Generates a fetch ask for and takes advantage of the provided template
web site
Case in point output
This is Hello Environment site
Good day Earth
<form id="csrf" name="csrf" action="http://localhost:8000/1.php" method="POST"
enctype="application/x-www-form-urlencoded"><input id='destination' name="destination" type="hidden"
value="123-123123-123" />
<input
type="submit" value="submit">