Skip to content

yehgdotnet/EasyCSRF-1

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

EasyCSRF.py

EasyCSRF.py

 
 

README.md

README.md

 
 

Repository files navigation

EasyCSRF extension for Burp

EasyCSRF helps to find CSRF vulnerabilities as the result of bypassing weak CSRF-protection. For explanation how some bypasses for CSRF-protection are working, look at the slides from ZeroNights 2017 conference.

Extension automatically makes changes to all POST/PUT/DELETE/PATCH requests and highlights modified requests in Proxy HTTP history. You role is to judge by looking at WebApp UI which modified requests are failed/succeeded. When installing EasyCSRF extension, EasyCSRF tab with configuration is added.

Following modifications for requests are supported:

  • Remove CSRF-token from parameters. URL-encoded, multipart, JSON parameters are supported.
  • Remove HTTP headers that are used for CSRF-protection.
  • Change PUT/DELETE/PATCH method to POST.
  • Convert URL-encoded body to JSON format.
  • Set text/plain value for Content-Type header.
  • Change POST/PUT/DELETE/PATCH request to GET request for url-encoded body.

First four methods are turned on by default.

Extension works with Burp Suite Free Edition.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%