LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite.
Motivation
Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC
. However, the function to automatically determine the content of request is broken, and it will try to generate PoC using form
even for PoC that cannot be represented by form
, such as cases using JSON for parameters or PUT requests. In addition, multibyte characters that can be displayed in Burp Suite itself are often garbled in the generated CSRF PoC. These were the motivations for creating LazyCSRF.
Difference in display of multibyte characters
The following image shows the difference in the display of multibyte characters between Burp’s CSRF PoC generator and LazyCSRF. LazyCSRF can generate PoC for CSRF without garbling multibyte characters. This is only the case if the characters are not garbled on Burp Suite.
Installation
Download the JAR from GitHub Releases. In Burp Suite, go to the Extensions tab in the Extender tab, and add a new extension. Select the extension type Java
, and specify the location of the JAR.
You can generate a CSRF PoC by selecting Extensions
->LazyCSRF
->Generate CSRF PoC By LazyCSRF
from the menu that opens by right-clicking on Burp Suite.
How To Build
If you use IntelliJ IDEA, you can build it by following Build
-> Build Artifacts
-> LazyCSRF:jar
-> Build
.
You can build it with maven.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…