View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005418Kali LinuxQueued Tool Additionpublic2019-04-30 03:192024-10-23 07:48
Reporter0xInfection Assigned Todaniruiz  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Fixed in Version2024.4 
Summary0005418: XSRFProbe - The Prime CSRF Audit and Exploitation Tool
Description

Name: XSRFProbe
Version: v2
Homepage: https://github.com/0xInfection/XSRFProbe
Author: Infected Drake <0xInfection>
Description: XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate (maliciously) exploitable proof of concepts with each found vulnerability.
Detailed Wiki: https://github.com/0xInfection/XSRFProbe/wiki

Steps To Reproduce

Usage:
python3 xsrfprobe.py [-h] [-u URL] [-c COOKIE] [-o OUTPUT] [-d DELAY]
[-q] [-v] [--user-agent USER_AGENT]
[--headers HEADERS] [--exclude EXCLUDE]
[--timeout TIMEOUT] [--max-chars MAXCHARS]
[--crawl] [--no-analysis] [--malicious]
[--skip-poc] [--display] [--update]
[--random-agent] [--version]

More details:

Testbeds:
https://github.com/0xInfection/XSRFProbe/wiki/FAQs#how-do-i-know-if-this-tool-actually-works-where-can-i-test-it

Additional Information

This is the one and only complete CSRF audit and exploitation toolkit available on GitHub.

Attached Files
68747470733a2f2f692e696d6775722e636f6d2f785472665753742e676966.gif (102,950 bytes)   
68747470733a2f2f692e696d6775722e636f6d2f785472665753742e676966.gif (102,950 bytes)   

Activities

g0tmi1k

g0tmi1k

2019-10-28 13:29

administrator   ~0011237

Last edited: 2020-01-06 13:16

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging
0xInfection

0xInfection

2019-10-28 15:07

reporter   ~0011254

Hi @g0tm1lk, thank you so much. I'm on the process of packaging it properly.
0xInfection

0xInfection

2019-10-30 17:17

reporter   ~0011266

Hi @g0tmi1k, I made a new release v2.1 and packaged XSRFProbe up in the same release. Now XSRFProbe can be installed via pip too.

Source Code as Package: https://github.com/0xInfection/XSRFProbe/tree/master
New Release: https://github.com/0xInfection/XSRFProbe/releases/tag/v2.1.0
On Pypi: https://pypi.org/project/xsrfprobe/2.1.0/

Is there anything else you require from me?
0xInfection

0xInfection

2019-11-03 12:41

reporter   ~0011273

Hi @g0tmi1k, a new release for xsrfprobe is out fixing a minor bug within the cookie handling feature.

Version: 2.1.1
Download: https://github.com/0xInfection/XSRFProbe/releases/tag/v2.1.1
On Pypi: https://pypi.org/project/xsrfprobe/2.1.1/
0xInfection

0xInfection

2019-12-23 09:00

reporter   ~0011757

Hi @g0tmi1k, a new release has been made with improved SSL certificate handling and other features.

Version: v2.2.0
GitHub: https://github.com/0xInfection/XSRFProbe/releases/
Pypi: https://pypi.org/project/xsrfprobe/2.2.0/
0xInfection

0xInfection

2020-02-05 15:02

reporter   ~0012024

New release fixing some bugs and optimised scanning is up.
daniruiz

daniruiz

2024-10-23 07:48

manager   ~0019957

This is now packaged. It should be ready in kali-rolling in a few days

Issue History

Date Modified Username Field Change
2019-04-30 03:19 0xInfection New Issue
2019-04-30 03:19 0xInfection File Added: 68747470733a2f2f692e696d6775722e636f6d2f785472665753742e676966.gif
2019-10-28 13:29 g0tmi1k Note Added: 0011237
2019-10-28 13:29 g0tmi1k Category New Tool Requests => Queued Tool Addition
2019-10-28 13:29 g0tmi1k Description Updated
2019-10-28 13:29 g0tmi1k Steps to Reproduce Updated
2019-10-28 15:07 0xInfection Note Added: 0011254
2019-10-28 16:01 g0tmi1k Status new => assigned
2019-10-30 17:17 0xInfection Note Added: 0011266
2019-11-03 12:41 0xInfection Note Added: 0011273
2019-12-23 09:00 0xInfection Note Added: 0011757
2020-01-06 13:07 g0tmi1k Status assigned => acknowledged
2020-01-06 13:16 g0tmi1k Note Edited: 0011237
2020-02-05 15:02 0xInfection Note Added: 0012024
2020-06-17 14:57 g0tmi1k Severity feature => minor
2020-12-01 11:14 g0tmi1k Summary XSRFProbe: The Prime CSRF Audit and Exploitation Tool => XSRFProbe - The Prime CSRF Audit and Exploitation Tool
2024-10-23 07:48 daniruiz Note Added: 0019957
2024-10-23 07:48 daniruiz Assigned To => daniruiz
2024-10-23 07:48 daniruiz Status acknowledged => resolved
2024-10-23 07:48 daniruiz Resolution open => fixed
2024-10-23 07:48 daniruiz Fixed in Version => 2024.4