🚀 CSRFShark - a utility for manipulating cross-site request forgery attacks

CSRFShark


CSRFShark is a utility for manipulating cross-site request forgery (CSRF) attacks.

It generates a CSRF PoC from a given HTTP or cURL request and can produce a permanent link to the result.

🚀 Getting started

CSRFShark offers a hosted solution located at https://csrfshark.github.io/app

If you want to host CSRFShark on your local machine, several start options are available:

📖 Usage

This video will take you on a journey into the realm of web security, where you will become proficient in using CSRFShark. CSRFShark is a tool created to streamline the generation, distribution, and verification of Cross-Site Request Forgery (CSRF) payloads. Regardless of whether you are an experienced expert or a novice starting to explore web security, this tutorial is suitable for all levels of expertise. We will guide you through each step, ensuring that you can utilize CSRFShark efficiently. Sit back and enjoy the video!

EN link

RU link

✨ Features

  • Share - quickly generates a permanent link to the result. All data needed for the PoC is stored in the URL hash.
  • Client-Side Rendering - all data is generated on the client side using JavaScript.
  • Privacy - because the PoC data is kept in the URL hash, which browsers do not send to the server, the server has no information about the client request or the created PoC.
  • Real-Time run - check in real time that the attack works.

๐ŸŒ Supported languages

  • English
  • Russian
  • Ukrainian
  • Spanish

✅ Supported CSRF PoC techniques

  • Form - a simple HTML form that includes hidden inputs and a submit button.
  • XMLHttpRequest - makes an HTTP request in JavaScript via the XMLHttpRequest class.
  • XMLHttpRequest + Stats - same as XMLHttpRequest, but also includes code to display request statistics.
  • Link - a simple HTML <a> tag.
  • Img - a simple HTML <img> tag.
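
How a server can tell the request shapes of these techniques apart using Fetch Metadata headers, as an added example that is not part of CSRFShark. The function name, the policy and the sample header sets are assumptions made for illustration; the headers are constructed, not captured traffic.

```javascript
// Added example (not CSRFShark code). Header sets are constructed samples.
const TRUSTED_SITES = new Set(["same-origin", "same-site", "none"]);

// Verdict for one request, following the Fetch Metadata resource isolation idea.
// `headers` uses lower-case names, as Node's http module presents them.
function fetchMetadataVerdict(method, headers) {
  const site = headers["sec-fetch-site"];
  // No header: older browser or non-browser client. Defer to token/Origin checks.
  if (site === undefined) return "fallback";
  if (TRUSTED_SITES.has(site)) return "allow";
  // Cross-site from here on. Only a plain top-level GET navigation may pass.
  const dest = headers["sec-fetch-dest"];
  const isPlainNavigation =
    headers["sec-fetch-mode"] === "navigate" &&
    method === "GET" &&
    dest !== "object" &&
    dest !== "embed";
  return isPlainNavigation ? "allow" : "block";
}

const crossSite = (mode, dest) => ({
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": mode,
  "sec-fetch-dest": dest,
});

// What each listed technique sends when the PoC page is on another site.
// "XMLHttpRequest + Stats" produces the same request as "xhr".
const SAMPLES = {
  form: { method: "POST", headers: crossSite("navigate", "document") },
  xhr: { method: "POST", headers: crossSite("cors", "empty") },
  link: { method: "GET", headers: crossSite("navigate", "document") },
  img: { method: "GET", headers: crossSite("no-cors", "image") },
};

function verdicts() {
  const out = {};
  for (const [name, s] of Object.entries(SAMPLES)) {
    out[name] = fetchMetadataVerdict(s.method, s.headers);
  }
  return out;
}

console.log(verdicts());
```

The Link case is allowed because it looks the same as a user following an ordinary link, which is why GET handlers must never change state and why a CSRF token check is still needed behind this filter.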

👤 Author

f0rb1dd3n0x193

This tool is for educational purposes only. It is illegal to use this program to attack targets without prior mutual consent. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

โš–๏ธ License

Licensed under the MIT License.