CSRF Attender is a Burp Suite extension that illustrates a PoC for automatically generating CSRF attacks on a website (works only for GET requests and HTTP/1.1).

RudigerMorinDocter/CSRF-Attender

CSRF-Attender

CSRF Attender is a Burp Suite extension that illustrates a PoC for automatically generating CSRF attacks on a website (works only for GET requests and HTTP/1.1).

To use it, install Burp Suite Community (or Pro), go to the 'Extender' tab and select 'Add'. Choose CSRFAttender.jar and click 'Next'. There should be no errors. Now browse your website using Burp's Chromium browser and look at the results by selecting 'Output' -> 'Show in UI' in the 'Extender' tab of Burp.

Feel free to look at the source code and try upgrading it! To edit the source code, open BurpExtender.java, use the Burp interfaces to find what you need, then implement it.

So far it only uses the proxy tool from Burp Suite to capture the request headers and transform a GET request into a potential CSRF attack for the website you are currently browsing. Definitely upgradable (I encourage anyone to try! :D)
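When reviewing your own site, the same captured GET requests can be triaged for CSRF exposure before any PoC is generated. The following is an added example, not code from this repository: the class name, verdict strings, sample requests and the "csrf"/"token" naming heuristic are all assumptions.

```java
import java.util.*;

// Added example: defensive triage of a captured HTTP/1.1 GET request.
public class CsrfGetTriage {

    // Verdict for one raw request as captured by a proxy (assumed heuristic, not the extension's logic).
    static String assess(String raw) {
        String[] lines = raw.split("\r?\n");
        String[] requestLine = lines[0].trim().split(" ");
        if (requestLine.length != 3 || !requestLine[0].equals("GET")
                || !requestLine[2].equals("HTTP/1.1")) {
            return "OUT_OF_SCOPE";               // the README covers GET over HTTP/1.1 only
        }
        Map<String, String> headers = new HashMap<>();
        for (int i = 1; i < lines.length && !lines[i].isEmpty(); i++) {
            int colon = lines[i].indexOf(':');
            if (colon > 0) {
                headers.put(lines[i].substring(0, colon).trim().toLowerCase(Locale.ROOT),
                            lines[i].substring(colon + 1).trim());
            }
        }
        int q = requestLine[1].indexOf('?');
        String query = q >= 0 ? requestLine[1].substring(q + 1) : "";
        if (query.isEmpty()) return "NO_PARAMETERS";            // no URL parameters carry state
        if (!headers.containsKey("cookie")) return "NO_AMBIENT_CREDENTIALS";
        // Assumed naming convention: a token appears as a parameter or header containing "csrf" or "token".
        boolean hasToken = false;
        for (String pair : query.split("&")) {
            String name = pair.split("=", 2)[0].toLowerCase(Locale.ROOT);
            if (name.contains("csrf") || name.contains("token")) hasToken = true;
        }
        for (String name : headers.keySet()) {
            if (name.contains("csrf")) hasToken = true;
        }
        return hasToken ? "TOKEN_PRESENT" : "REVIEW_FOR_CSRF";
    }

    public static void main(String[] args) {
        // Constructed sample requests; app.example is a placeholder host.
        String risky = "GET /account/email?new=a%40b.example HTTP/1.1\r\n"
                + "Host: app.example\r\nCookie: session=abc123\r\n\r\n";
        String guarded = "GET /account/email?new=a%40b.example&csrf_token=9f2c HTTP/1.1\r\n"
                + "Host: app.example\r\nCookie: session=abc123\r\n\r\n";
        System.out.println(assess(risky));
        System.out.println(assess(guarded));
    }
}
```

A `REVIEW_FOR_CSRF` verdict only marks a request for manual review: whether the endpoint actually changes state, and whether the session cookie's SameSite attribute already blocks cross-site use, still has to be checked on the server side.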

This Burp extension was made for a university project in which we are immersed in the world of research. University of Lorraine, UFR MIM, Master 1 Informatique.
