csrfer
v0.1.2
Published
Small tool to create CSRF payloads based on vulnerable requests
Downloads
6
Readme
CSRFER
_____ _________________ ___________
/ __ \/ ___| ___ \ ___| ___| ___ \
| / \/\ `--.| |_/ / |_ | |__ | |_/ /
| | `--. \ /| _| | __|| /
| \__/\/\__/ / |\ \| | | |___| |\ \
\____/\____/\_| \_\_| \____/\_| \_|
-.--.
) " '-,
',' 2 \_
\q \ . \
_.--' '----.__
/ ._ _.__ \__
_.'_.' \_ .-._\_ '-, }
(,/ _.---;-( . \ \ ~
____ ( .___\_\ \/_/
( '-._ \ \ |
'._ ),> _) >
'-._ c=' Cooo -._
'-._ '.
'-._ `\
snd '-._ '.
'-._ \
`~---'CSRFER is a tool to generate csrf payloads, based on vulnerable requests.
It parses supplied requests to generate either a form or a fetch request. The payload can then be embedded in an html template.
Installation
npm install -g csrferUsage:
Usage: csrfer [options]
Options:
--version Show version number
-r, --request Path to the request file to be used
-m, --mode Mode to generate the code. Available options: form, fetch. (Default is form)
-a, --autosubmit Auto submit the request on page load
-s, --show Show the form inputs (only for form mode)
-o, --output Output the payload to the specified file instead of STDOUT
-t, --template Path to an html template page. Use the placeholder {{CONTENT}} to specify where to
inject the code (in html, not JS)
-T, --defaulttemplate Use this option if you want the code to be injected into a default html page.
-h, --help Show help
Examples:
csrfer -r req.txt -m form -a Automatically submit a form request
csrfer -r req.txt -m form -s Generate and shows a form to be submitted manually
csrfer -r req.txt -m fetch -t my_template.html Generates a fetch request and uses the supplied template
page
License
This project is MIT licensed