This project has been developed to exploit CSRF Web vulnerabilities and provide you a quick and easy exploitation toolkit. In few words, this is a simple HTTP Server in NodeJS that will communicate with the clients (victims) and send them payload that will be executed using JavaScript.<\/p>\n
This has been developed entirely in NodeJS, and configuration files are in JSON format. This project allows you to perform PoC (Proof Of Concepts) really easily. Let’s see how to get\/use it.<\/p>\n First, clone it :<\/p>\n To make this project work, get the latest Node.js version\u00a0here<\/a>. Go in the directory and install all the dependencies:<\/p>\n Then, launch the server.js :<\/p>\n Usage will be displayed :<\/p>\n This project has been developed to exploit CSRF Web vulnerabilities and provide you a quick and easy exploitation toolkit. In few words, this is a simple HTTP Server in NodeJS…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[139],"tags":[2889],"class_list":["post-27588","post","type-post","status-publish","format-standard","hentry","category-tools","tag-csrf"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4bBYZ-7aY","_links":{"self":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/27588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/comments?post=27588"}],"version-history":[{"count":1,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/27588\/revisions"}],"predecessor-version":[{"id":27589,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/27588\/revisions\/27589"}],"wp:attachment":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/media?parent=27588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/categories?post=27588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/tags?post=27588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n*However, there’s a tool in Python in\u00a0utils<\/code>\u00a0folder that you can use to automate CSRF exploitation. *<\/em><\/p>\n$ git clone git@github.com:PaulSec\/CSRFT.git\r\n<\/code><\/pre>\nnpm install\r\n<\/code><\/pre>\n$ node server.js\r\n<\/code><\/pre>\nUsage : node server.js <file.json> <port : default 8080>\r\n\r\n<\/code>Download CSRFT<\/a><\/pre>\n","protected":false},"excerpt":{"rendered":"