Jump to content

Locked lazyCSRF v0.0.2 - useful CSRF PoC generator


Recommended Posts

This is the hidden content, please


LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite.


Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, it does not support JSON parameters. It also uses the <form>, so it cannot send PUT/DELETE requests. In addition, multibyte characters that can be displayed in Burp Suite itself are often garbled in the generated CSRF PoC. Those were the motivations for creating LazyCSRF.

    Support JSON parameter (like a request to the API)
    Support PUT/DELETE (only work with CORS enabled with an unrestrictive policy)
    Support displaying multibyte characters (like Japanese)
    Generating CSRF PoC with Burp Suite Community Edition (of course, it also works in Professional Edition)

The difference in the display of multibyte characters

The following image shows the difference in the display of multibyte characters between Burp’s CSRF PoC generator and LazyCSRF. LazyCSRF can generate PoC for CSRF without garbling multibyte characters. This is only the case if the characters are not garbled on Burp Suite.

This is the hidden content, please

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.