Locked lazyCSRF v0.0.2 - useful CSRF PoC generator

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

LazyCSRF

LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite.

Motivation

Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, it does not support JSON parameters. It also uses the <form>, so it cannot send PUT/DELETE requests. In addition, multibyte characters that can be displayed in Burp Suite itself are often garbled in the generated CSRF PoC. Those were the motivations for creating LazyCSRF.
Features

    Support JSON parameter (like a request to the API)
    Support PUT/DELETE (only work with CORS enabled with an unrestrictive policy)
    Support displaying multibyte characters (like Japanese)
    Generating CSRF PoC with Burp Suite Community Edition (of course, it also works in Professional Edition)

The difference in the display of multibyte characters

The following image shows the difference in the display of multibyte characters between Burp’s CSRF PoC generator and LazyCSRF. LazyCSRF can generate PoC for CSRF without garbling multibyte characters. This is only the case if the characters are not garbled on Burp Suite.

This is the hidden content, please

• Sign In
• or
• Sign Up