Xsrfprobe - The Prime Number Cross Site Asking Forgery Audit Together With Exploitation Toolkit
XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit together with Exploitation Toolkit. Equipped alongside a Powerful Crawling Engine together with Numerous Systematic Checks, it is immediately able to discovery close cases of CSRF vulnerabilities, their related bypasses together with futher generate (maliciously) exploitable proof of concepts alongside each institute vulnerability. For to a greater extent than information on how XSRFProbe works, run across XSRFProbe Internals on wiki.
Some Features:
- Performs several types of checks earlier declaring an endpoint equally vulnerable.
- Can discovery several types of Anti-CSRF tokens inward POST requests.
- Features a powerful crawler which features continuous crawling together with scanning.
- Out of the box back upwards for custom cookie values together with generic headers.
- Accurate Token-Strength Detection together with Analysis using diverse algorithms.
- Can generate both normal equally good equally maliciously exploitable CSRF PoCs.
- Follows a redirect when at that spot is a 30x response.
- Well documented code together with highly generalised automated workflow.
- The user is inward control of everything whatever the scanner does.
- Has a user-friendly interaction surroundings alongside total verbose support.
- Detailed logging arrangement of errors, vulnerabilities, tokens together with other stuffs.
Gallery:
Lets run across to a greater extent than or less real-world scenarios of XSRFProbe inward action:
Warnings:
Do non purpose this tool on a alive site!
It is because this tool is designed to perform all kinds of cast submissions automatically which tin sabotage the site. Sometimes you lot may screw upwards the database together with close belike perform a DoS on the site equally well.
Test on a disposable/dummy setup/site!
Disclaimer:
Usage of XSRFProbe for testing websites without prior usual consistency tin endure considered equally an illegal activity. It is the finally user's responsibleness to obey all applicable local, solid soil together with federal laws. The writer assumes no liability together with is non exclusively responsible for whatsoever misuse or impairment caused past times this program.
Author's Words:
This projection is based entirely upon my ain query together with my ain sense alongside spider web applications on Cross-Site Request Forgery attacks. You tin effort going through the source code which is highly documented to assistance you lot empathize how this toolkit was built. Useful pull requests, ideas together with issues are highly welcome. If you lot wishing to run across what how XSRFProbe is existence developed, banking venture jibe out the Development Board.
Thats it folks. Thank you...
Copyright © Infected Drake