
Published on March 3rd, 2014

CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit

Description

This project has been developed to exploit CSRF Web vulnerabilities and provide you with a quick and easy exploitation toolkit. In a few words, this is a simple HTTP server in NodeJS that communicates with the clients (victims) and sends them payloads that are executed using JavaScript. "CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated." Combined with social engineering, this is a very effective attack tool. Believe it or not, web sites prone to CSRF are very common. If your web developers do not know what "unique web form" means, you will have to deal with CSRFs eventually.
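
The "unique web form" defence mentioned above, as an added example (not part of CSRFT or the original post): the server embeds a session-bound token in every form and rejects state-changing requests that do not carry it. The function names, the simplified request shape and the HMAC construction are assumptions chosen for illustration.

```javascript
// Added example: per-session anti-CSRF token for a Node.js application.
const crypto = require("node:crypto");

// Server-side secret. Generated at startup here (assumption); a real
// deployment would load it from a secret store so tokens survive restarts.
const SERVER_KEY = crypto.randomBytes(32);

// Issue a token for one session: random nonce + HMAC(key, sessionId.nonce).
// The page embeds it in a hidden form field or a custom request header.
function issueCsrfToken(sessionId, key = SERVER_KEY) {
  const nonce = crypto.randomBytes(16).toString("hex");
  const mac = crypto.createHmac("sha256", key)
    .update(`${sessionId}.${nonce}`).digest("hex");
  return `${nonce}.${mac}`;
}

// Recompute the MAC for the caller's session and compare in constant time.
// A token minted for another session, or a tampered one, fails here.
function verifyCsrfToken(sessionId, token, key = SERVER_KEY) {
  if (typeof token !== "string") return false;
  const parts = token.split(".");
  if (parts.length !== 2) return false;
  const [nonce, mac] = parts;
  const expected = crypto.createHmac("sha256", key)
    .update(`${sessionId}.${nonce}`).digest();
  const given = Buffer.from(mac, "hex");
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Gate for a simplified request object { method, sessionId, csrfToken }
// (hypothetical shape). Assumes GET/HEAD handlers have no side effects.
function allowRequest(req) {
  if (!STATE_CHANGING.has(req.method)) return true;
  return verifyCsrfToken(req.sessionId, req.csrfToken);
}
```

A forged cross-site request arrives with the victim's session cookie but cannot read the token from the legitimate page, so `allowRequest` returns false for it.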


This project allows you to build PoCs (proofs of concept) really easily. Let's see how to get and use it.


How to get/use the tool

First, clone it:

$ git clone git@github.com:PaulSec/CSRFT.git

Then, in the directory, launch server.js:

$ node server.js

The usage will be displayed:

Usage : node server.js <file.json> <port : default 8080>













4 Responses to CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit

  1. anarch says:

    This is really cool and useful!

  2. Colt says:

    Is there any way to send a POST request to the vulnerable site but attach JSON data, rather than data from a standard HTML form?

    Thanks.
