Published on March 3rd, 2014

CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit


This project has been developed to exploit CSRF web vulnerabilities and to provide a quick and easy exploitation toolkit. In a few words, it is a simple HTTP server in NodeJS that communicates with the clients (victims) and sends them payloads that are executed using JavaScript. "CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated." Combined with social engineering, this is a very effective attack tool. Believe it or not, web sites prone to CSRF are very common. If your web developers do not know what "unique web form" means, you will have to deal with CSRFs eventually.
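The "unique web form" defence named above, sketched as an added example that is not part of the original post or of CSRFT: a per-session anti-CSRF token combined with an Origin check, in Node.js. The request shape, the `x-csrf-token` header, the `csrf_token` field and `https://app.example` are assumptions made for this example.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Server-side secret; constructed here, load it from configuration in a real app.
const SERVER_SECRET = randomBytes(32);

// Token = nonce.HMAC(secret, sessionId.nonce): bound to one session, not
// guessable by another site, and verifiable without server-side storage.
function issueToken(sessionId, secret = SERVER_SECRET) {
  const nonce = randomBytes(16).toString('hex');
  const mac = createHmac('sha256', secret).update(`${sessionId}.${nonce}`).digest('hex');
  return `${nonce}.${mac}`;
}

function verifyToken(sessionId, token, secret = SERVER_SECRET) {
  if (typeof token !== 'string') return false;
  const [nonce, mac, ...rest] = token.split('.');
  if (!nonce || !mac || rest.length) return false;
  const expected = createHmac('sha256', secret).update(`${sessionId}.${nonce}`).digest();
  const given = Buffer.from(mac, 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return given.length === expected.length && timingSafeEqual(given, expected);
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Decide whether a request may proceed.
// req: { method, headers, sessionId, body } (hypothetical shape for this example).
function checkRequest(req, allowedOrigin) {
  if (SAFE_METHODS.has(req.method)) return { ok: true };
  // Browsers attach Origin to cross-site POSTs; reject any foreign value.
  const origin = req.headers.origin;
  if (origin !== undefined && origin !== allowedOrigin) {
    return { ok: false, reason: 'cross-origin' };
  }
  // The token travels in a custom header or a hidden form field.
  const token = req.headers['x-csrf-token'] || (req.body && req.body.csrf_token);
  if (!verifyToken(req.sessionId, token)) return { ok: false, reason: 'bad-token' };
  return { ok: true };
}

// Constructed sample: a form rendered for session "sess-A", then two submissions.
const formToken = issueToken('sess-A');
const own = { method: 'POST', headers: { origin: 'https://app.example' },
              sessionId: 'sess-A', body: { csrf_token: formToken } };
const forged = { method: 'POST', headers: {}, sessionId: 'sess-A', body: {} };
console.log(checkRequest(own, 'https://app.example'));
console.log(checkRequest(forged, 'https://app.example'));
```

A request forged from another site carries the victim's session cookie but not the token embedded in the legitimate form, so it fails the check even when the Origin header is missing.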


This project allows you to build PoCs (proofs of concept) really easily. Let's see how to get and use it.


How to get/use the tool

First, clone it:

$ git clone git@github.com:PaulSec/CSRFT.git

Then, in the cloned directory, launch server.js:

$ node server.js

The usage will be displayed:

Usage : node server.js <file.json> <port : default 8080>

4 Responses to CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit

  1. anarch says:

    This is really cool and useful!

  2. Colt says:

    Is there any way to send a POST request to the vulnerable site but attach JSON data, rather than data from a standard HTML form?

