XSRFProbe is a toolkit intended to be highly flexible and customisable. Everything the scanner does can be controlled via the
config.py configuration file.
XSRFProbe Configuration Variables:
XSRFProbe has got full customisation over its runtime environment. In case if you don't want to enter parameters everytime, you can head over to
config.py file and edit them as per your need. You might want to consider this option if you are a regular tester user. Set you variables, and next time when you want to run the tool, just fire it up with
python xsrfprobe.py and the tool will run according to your configurations set!
The following below are options which you can modify according to your own needs:
SITE_URL- The main site domain which you want to scan.
CRAWL_SITE- The switch which determines whether or not to crawl the site. This option when set to
Trueis equivalent to supplying the
--crawlargument and will result in crawling the entire site and scanning all endpoints it finds.
DEBUG_MODE- Setting this to
Falsemeans decreasing verbosity. This option is equivalent to supplying the
USER_AGENT- The user agent with which you might want to run the entire scanning process. the Default value is set to
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729), a standard Windows browser user-agent.
USER_AGENT_RANDOM- Setting this to
Trueindicates that all requests are to make by different user-agents which is not recommended. This option is equivalent to
COOKIE_VALUE- The cookie value which will be passed during all requests. A cookie (preferably a Session Cookie, see why) is needed for complete assessment of all phases of XSRFProbe.
HEADER_VALUES- This is where the default header values are stored. The variable type is a Python dictionary. When you add a custom header with the
--headerargument, the header will get appended to this list of existing headers. See advanced usage if you want your own set of HTTP headers.
TIMEOUT_VALUE- This is the HTTP timeout value and applies to all requests. The default is 7 seconds. Changing this value is equivalent to supplying a value via the
DELAY_AMOUT- The value storing the delay amount between two requests in seconds. Changing this option is equivalent to setting the
COOKIE_BASED- This is a run-time configuration variable. Setting this option to
Falsemeans all cookie based checks (Cookie Persistence and Cookie Flag Checks) will NOT be performed. This is by default set to
Falsewhen user doesn't supply a cookie value or the
COOKIE_VALUEconfiguration variable is empty.
POST_BASED- A run-time configuration variable for checking if the user wants to check for POST Based CSRFs. Setting this option to
Falsemeans all POST Based Forgery Checks will NOT be performed.
TOKEN_CHECKS- Another run-time configuration variable for checking if user wants XSRFProbe to do checks for anti-CSRF tokens. Setting this option to
Falsemeans all Token Based Checks(Anti-CSRF Token Detection, Token Strength Calculation and Token Randomness Calculation) will NOT be performed.
REFERER_ORIGIN_CHECKS- Yet another run-time configuration variable intended to provide users with the option of allowing referer/origin checks. Setting this option to
Falsemeans all Cross-Origin Based Checks (Referer Based and Origin Based Checks) will NOT be performed.
FORM_SUBMISSION- A controller variable which controls how XSRFProbe submits forms. Setting this to
Falsewill not allow any type of form submissions, thereby missing most of the module checks.
REFERER_URL- A controller variable which indicates the URL of the
Refererheader when performing tests against Referer Based Request Validation Checks.
ORIGIN_URL- A controller variable which indicates the URL of the
Originheader when performing Origin Based Request Validation Checks.
TOKEN_GENERATION_LENGTH- A controller variable which defines the length of the strings of the form fields which are to be generated.
EXCLUDE_URLS- Exclude the directories which need not be scanned. The data type format should be in form of a standard Python list. This is equivalent to supplying list of directories via the
OUTPUT_DIR- The output directory of the files where everything is to be stored (including logs).
DISPLAY_HEADERS- Option to display headers. This option will help you to display headers received during requests. You might want to turn this to
Trueif you want the response headers to be displayed on the terminal.
SCAN_ANALYSIS- A run-time configuration variable which allows users to set the option for post-scan analysis. Setting this option to
Falsemeans Post-Scan Analysis will NOT be performed. Equivalent to supplying the
POC_GENERATION- A controller variable which help you to determine whether to generate PoC forms with each CSRF vulnerability found. Setting this option to
Falseis equivalent to supplying the
GEN_MALICIOUS- This variable decides which type of forms will be generated. If this is turned on (set to
True), XSRFProbe will generate malicious forms which could be used in real-world exploitations upon discovery of a POST-Based vulnerability.
With this knowledge you can easily customize and manipulate XSRFProbe fully according to your needs and requirements.