Advanced Usage
Infected Drake edited this page Nov 18, 2018 · 18 revisions
XSRFProbe is a toolkit intended to be highly flexible and customisable. Everything the scanner does can be controlled via the `config.py` configuration file.
XSRFProbe offers full customisation of its runtime environment. If you don't want to enter parameters every time, you can head over to the `config.py` file and edit them as needed. The next time you want to run the tool, just fire it up with `python xsrfprobe.py` and it will run according to the configuration you have set. The options are as follows:
- `SITE_URL` - The main site domain which you want to scan.
- `DEBUG_MODE` - Setting this to `False` means decreasing verbosity. This option is equivalent to supplying the `-q`/`--quiet` argument.
- `USER_AGENT` - The user agent with which you might want to run the entire scanning process. The default value is set to `Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)`, a standard Windows browser user-agent.
- `USER_AGENT_RANDOM` - Setting this to `True` indicates that all requests are to be made with different user-agents, which is not recommended. This option is equivalent to the `--random-agent` argument.
- `COOKIE_VALUE` - The cookie value which will be passed during all requests. A cookie (preferably a Session Cookie, see why) is needed for complete assessment of all phases of XSRFProbe.
- `HEADER_VALUES`
- `TIMEOUT_VALUE`
- `DELAY_AMOUT`
- `COOKIE_BASED`
- `POST_BASED`
- `TOKEN_CHECKS`
- `REFERER_ORIGIN_CHECKS`
- `FORM_SUBMISSION`
- `REFERER_URL`
- `ORIGIN_URL`
- `TOKEN_GENERATION_LENGTH`
- `EXCLUDE_URLS`
- `OUTPUT_DIR`
- `DISPLAY_HEADERS`
- `SCAN_ANALYSIS`
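Because `config.py` ends up holding a live session cookie, it is worth checking the file before a run. The following is an added example, not part of XSRFProbe: it reads the documented options without executing the file and flags the settings this page cautions about. It assumes `config.py` uses plain top-level assignments and that `COOKIE_VALUE` is a literal; `read_settings`, `review` and the sample values are hypothetical.

```python
import ast
import stat

def read_settings(source):
    """Collect top-level NAME = <literal> assignments without executing the file."""
    settings = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # value is an expression or call, not a literal: skip it
    return settings

def review(source, file_mode=None):
    """Return findings for the options described on this page.

    file_mode is the permission bits of config.py (e.g. from os.stat),
    or None to skip the permission check.
    """
    s = read_settings(source)
    findings = []
    if not s.get("SITE_URL"):
        findings.append("SITE_URL is empty: no target configured")
    if s.get("USER_AGENT_RANDOM") is True:
        findings.append("USER_AGENT_RANDOM is True: the page advises against it")
    if not s.get("COOKIE_VALUE"):
        findings.append("COOKIE_VALUE is empty: assessment will be incomplete")
    elif file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("COOKIE_VALUE is set and the file is readable by group/other")
    return findings

# Constructed sample in the assumed format; the cookie is a placeholder.
SAMPLE = '''
SITE_URL = "https://app.example.test"
DEBUG_MODE = False
USER_AGENT_RANDOM = True
COOKIE_VALUE = "session=constructed-placeholder"
'''

if __name__ == "__main__":
    for finding in review(SAMPLE, file_mode=0o644):
        print("[!]", finding)
```

For a real file, pass its contents as `source` and `os.stat(path).st_mode` as `file_mode`.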
Last Updated — 31/10/2019 by @0xInfection