- Joined
- May 15, 2017
- Messages
- 981
- Likes
- 760
- Points
- 1,045
XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit.
Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe works, see XSRFProbe Internals on wiki.
Some Features:
Lets see some real-world scenarios of XSRFProbe in action:
Download XSRFProbe
Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe works, see XSRFProbe Internals on wiki.
Some Features:
- Performs several types of checks before declaring an endpoint as vulnerable.
- Can detect several types of Anti-CSRF tokens in POST requests.
- Features a powerful crawler which features continuous crawling and scanning.
- Out of the box support for custom cookie values and generic headers.
- Accurate Token-Strength Detection and Analysis using various algorithms.
- Can generate both normal as well as maliciously exploitable CSRF PoCs.
- Follows a redirect when there is a 30x response.
- Well documented code and highly generalised automated workflow.
- The user is in control of everything whatever the scanner does.
- Has a user-friendly interaction environment with full verbose support.
- Detailed logging system of errors, vulnerabilities, tokens and other stuffs.
Lets see some real-world scenarios of XSRFProbe in action:
Download XSRFProbe