CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit
Description
This project has been developed to exploit CSRF Web vulnerabilities and provide you a quick and easy exploitation toolkit. In few words, this is a simple HTTP Server in NodeJS that will communicate with the clients (victims) and send them payload that will be executed using JavaScript. CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.“ Combined with social engineering this is a very effective attack tool. Believe it or not, web sites prone to CSRF are very common. If your web developers do not know what „unique web form“ means, you will have to deal with CSRFs eventually.
▼Advertisement
▼Advertisement
How to get/use the tool
First, clone it :
$ git clone [email protected]:PaulSec/CSRFT.git
Then, in the directory, launch the server.js :
$ node server.js
Usage will be displayed :
Usage : node server.js <file.json> <port : default 8080>
download CSRFT more info can be found here
Share this:
Related Posts
Stardox – Github Stargazers Information Gathering Tool →
Too many issues in Pentagon networks expose it to cybersecurity risks →
NASA data breach – The agency notifies employees of a security intrusion →
This is really cool and useful!
Is there anyway to send a POST request to the vulnerable site but attach JSON data, rather than data from a standard HTML form?
Thanks.
check out thist article i think will help you http://blog.defensecode.com/2012/09/cross-site-request-forgery-against.html let me know !
This is extremely helpful, thank you very much.