laughingrat / pinata-csrf-tool Goto Github PK

What steps will reproduce the problem?
1. A GET request with trailing newline characters

What is the expected output? What do you see instead?
Pinata-CSRF_v0.92>pinata.py
The HTML Form uses a GET method, Generating CSRF HTML..................
 ####################################################################

Traceback (most recent call last):
 File "C:\DIR\Pinata-CSRF_v0.92\pinata.py", line 185, in <module>
   dicHeader = encodedToDict(header)
 File "C:\DIR\Pinata-CSRF_v0.92\pinata.py", line 31, in encodedToDict
   key, value = parm.split(': ',1)
ValueError: need more than 1 value to unpack
--

What version of the product are you using? On what operating system?
 V0.92

Please provide any additional information below.

What steps will reproduce the problem?
1. How we can use it in Linux (More focus on Backtrack)
2. I am running it but getting error
3.

Standard HTTP request is URL encoded. Pinata.py script does not URL decode 
the key, value pairs. I have deliberately choosen not to do that as I have 
noticed that majority of the time URL decoding will break the HTML and 
encoded URL response always works.

However there are instances where you will want to produce HTML with key 
and values are not URL encoded. You can do that using 
pinataWithEncoding.py which is also included in the pinata.zip. 
Alternately you can generate HTML using both the scripts to see whether it 
is working.   

Since HTTP request does not have any identifiers to indicate whether the 
site is over HTTPS or HTTP. I have hard coded the script to produce HTML 
that assumes an HTTPS connection. If the site being tested is over HTTP, 
please edit your generated HTML's URL to say HTTP.

Pinats will generate the follow errors if header field srting has semi 
colon followed by space ': '. This usually happens in user agent string.

Traceback (most recent call last):
  File "C:\Project\Complete\pinata.py", line 200, in <module>
    dicHeader = encodedToDict(header)
  File "C:\Project\Complete\pinata.py", line 22, in encodedToDict
    key, value = parm.split(': ')
ValueError: too many values to unpack

Workaround:
The easiest fix is to turncate the user agent string in the HTTP request 
and then run the tool.