CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit
Description
This project has been developed to exploit CSRF Web vulnerabilities and provide you with a quick and easy exploitation toolkit. In a few words, this is a simple HTTP server in NodeJS that will communicate with the clients (victims) and send them a payload that will be executed using JavaScript. "CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated." Combined with social engineering, this is a very effective attack tool. Believe it or not, web sites prone to CSRF are very common. If your web developers do not know what "unique web form" means, you will have to deal with CSRFs eventually.
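What a "unique web form" looks like on the server side, as an added example that is not part of CSRFT or of the original post: each rendered form carries a token bound to the user's session, and every state-changing request is rejected unless that token comes back. The field name `csrf_token`, the header `X-CSRF-Token`, the request shape and the session ids are assumptions made for illustration.

```javascript
// Added example, not CSRFT code: a per-session anti-CSRF token for a Node.js app.
const nodeCrypto = require('node:crypto');

// Assumption: the secret is generated at startup here; a real app loads it from config.
const SERVER_SECRET = nodeCrypto.randomBytes(32);

function mac(sessionId, nonce, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(`${sessionId}:${nonce}`).digest();
}

// Token = random nonce + HMAC over (session id, nonce), so it is unique per form
// render and useless in any other session.
function issueCsrfToken(sessionId, secret = SERVER_SECRET) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  return `${nonce}.${mac(sessionId, nonce, secret).toString('hex')}`;
}

function verifyCsrfToken(sessionId, token, secret = SERVER_SECRET) {
  if (typeof sessionId !== 'string' || typeof token !== 'string') return false;
  const m = /^([0-9a-f]{32})\.([0-9a-f]{64})$/.exec(token);
  if (!m) return false; // missing or malformed token
  // Constant-time comparison; both buffers are 32 bytes after the regex check.
  return nodeCrypto.timingSafeEqual(mac(sessionId, m[1], secret), Buffer.from(m[2], 'hex'));
}

// Gate for state-changing requests. `req` is a simplified, hypothetical request shape.
function checkRequest(req) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return { allowed: true, reason: 'safe method' };
  const token = (req.headers && req.headers['x-csrf-token']) || (req.body && req.body.csrf_token);
  return verifyCsrfToken(req.sessionId, token)
    ? { allowed: true, reason: 'token valid' }
    : { allowed: false, reason: 'missing or invalid CSRF token' };
}

// Constructed sample requests: the session id stands for the cookie the browser sends anyway.
function demo() {
  const token = issueCsrfToken('sess-alice');
  return {
    forgedForm: checkRequest({ method: 'POST', sessionId: 'sess-alice', headers: {}, body: { amount: '100' } }),
    otherSessionToken: checkRequest({ method: 'POST', sessionId: 'sess-bob', headers: {}, body: { csrf_token: token } }),
    legitimateForm: checkRequest({ method: 'POST', sessionId: 'sess-alice', headers: {}, body: { csrf_token: token } }),
    legitimateJson: checkRequest({ method: 'POST', sessionId: 'sess-alice', headers: { 'x-csrf-token': token }, body: {} }),
  };
}

console.log(demo());
```

The check only protects handlers that keep GET, HEAD and OPTIONS free of side effects, since those methods are passed through without a token.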
How to get/use the tool
First, clone it:
$ git clone [email protected]:PaulSec/CSRFT.git
Then, in the directory, launch server.js:
$ node server.js
The usage will be displayed:
Usage : node server.js <file.json> <port : default 8080>
Download CSRFT. More info can be found here.
This is really cool and useful!
Is there any way to send a POST request to the vulnerable site but attach JSON data, rather than data from a standard HTML form?
Thanks.
Check out this article, I think it will help you: http://blog.defensecode.com/2012/09/cross-site-request-forgery-against.html Let me know!
This is extremely helpful, thank you very much.