View Issue Details

ID: 0005418
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2020-12-01 11:14
Reporter: 0xInfection
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: acknowledged
Resolution: open
Summary: 0005418: XSRFProbe - The Prime CSRF Audit and Exploitation Tool
Description

Name: XSRFProbe
Version: v2
Homepage: https://github.com/0xInfection/XSRFProbe
Author: Infected Drake <0xInfection>
Description: XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and further generate (maliciously) exploitable proof of concepts with each found vulnerability.
Detailed Wiki: https://github.com/0xInfection/XSRFProbe/wiki

Steps To Reproduce

Usage:
python3 xsrfprobe.py [-h] [-u URL] [-c COOKIE] [-o OUTPUT] [-d DELAY]
                     [-q] [-v] [--user-agent USER_AGENT]
                     [--headers HEADERS] [--exclude EXCLUDE]
                     [--timeout TIMEOUT] [--max-chars MAXCHARS]
                     [--crawl] [--no-analysis] [--malicious]
                     [--skip-poc] [--display] [--update]
                     [--random-agent] [--version]

More details:

Testbeds:
https://github.com/0xInfection/XSRFProbe/wiki/FAQs#how-do-i-know-if-this-tool-actually-works-where-can-i-test-it

Additional Information

This is the one and only complete CSRF audit and exploitation toolkit available on GitHub.

Attached Files

Activities

g0tmi1k

2019-10-28 13:29

administrator   ~0011237

Last edited: 2020-01-06 13:16

@kali-team, please could this be packaged up.
@author, if you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

0xInfection

2019-10-28 15:07

reporter   ~0011254

Hi @g0tmi1k, thank you so much. I'm in the process of packaging it properly.

0xInfection

2019-10-30 17:17

reporter   ~0011266

Hi @g0tmi1k, I made a new release v2.1 and packaged XSRFProbe up in the same release. Now XSRFProbe can be installed via pip too.

Source Code as Package: https://github.com/0xInfection/XSRFProbe/tree/master
New Release: https://github.com/0xInfection/XSRFProbe/releases/tag/v2.1.0
On Pypi: https://pypi.org/project/xsrfprobe/2.1.0/

Is there anything else you require from me?

0xInfection

2019-11-03 12:41

reporter   ~0011273

Hi @g0tmi1k, a new release for xsrfprobe is out fixing a minor bug within the cookie handling feature.

Version: 2.1.1
Download: https://github.com/0xInfection/XSRFProbe/releases/tag/v2.1.1
On Pypi: https://pypi.org/project/xsrfprobe/2.1.1/

0xInfection

2019-12-23 09:00

reporter   ~0011757

Hi @g0tmi1k, a new release has been made with improved SSL certificate handling and other features.

Version: v2.2.0
GitHub: https://github.com/0xInfection/XSRFProbe/releases/
Pypi: https://pypi.org/project/xsrfprobe/2.2.0/

0xInfection

2020-02-05 15:02

reporter   ~0012024

New release fixing some bugs and optimised scanning is up.

Issue History

Date Modified Username Field Change
2019-04-30 03:19 0xInfection New Issue
2019-04-30 03:19 0xInfection File Added: 68747470733a2f2f692e696d6775722e636f6d2f785472665753742e676966.gif
2019-10-28 13:29 g0tmi1k Note Added: 0011237
2019-10-28 13:29 g0tmi1k Category New Tool Requests => Queued Tool Addition
2019-10-28 13:29 g0tmi1k Description Updated
2019-10-28 13:29 g0tmi1k Steps to Reproduce Updated
2019-10-28 15:07 0xInfection Note Added: 0011254
2019-10-28 16:01 g0tmi1k Status new => assigned
2019-10-30 17:17 0xInfection Note Added: 0011266
2019-11-03 12:41 0xInfection Note Added: 0011273
2019-12-23 09:00 0xInfection Note Added: 0011757
2020-01-06 13:07 g0tmi1k Status assigned => acknowledged
2020-01-06 13:16 g0tmi1k Note Edited: 0011237
2020-02-05 15:02 0xInfection Note Added: 0012024
2020-06-17 14:57 g0tmi1k Severity feature => minor
2020-12-01 11:14 g0tmi1k Summary XSRFProbe: The Prime CSRF Audit and Exploitation Tool => XSRFProbe - The Prime CSRF Audit and Exploitation Tool