Skip to content

Ckrielle/Forgerer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
forgerer.py
forgerer.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Forgerer

The (to-be) Definitive CSRF Website Creator

Table Of Contents

General Info

CSRF: CSRF stands for Cross Site Request Forgery. Essentially wherever a request can be made in a website, you can write your own site that sends that request impersonating the user you sent your malicious link to (follow the link for a more thorough explanation). This attack can delete users account, delete their posts/post whatever to their account, generally do whatever the site allows without the users authentication. It is a common vulnerability with usually medium impact that can lead to other attacks, such as stored XSS. This tools aim is to automate the attack, not only to increase the productivity of bug hunters, but to make the investigation of this attack accesible to everyone.

Explanation: The tool takes the provided url and displays every action, method and parameters it can find. After that the user can specify which form he wants to create a website with, and one by one the different parameters are presented, offering the user the possibility to give his/her value of choice. After that is done the website is generated in index.html and the website is ready.

Important: I am in no way responsible or accountable for any malicious usage of the tool. It was created for educational purposes and to help white hats. If you intend to use it for illegal activites then just don't and take time to fully grasp the severity of your possible actions.

Installation

All you have to do is copy paste the commands below into your terminal.

git clone https://github.com/Ckrielle/Forgerer.git
cd Forgerer
sudo pip3 install -r requirements.txt

Demonstration

Under Construction

To-Do

I could leave it as it is however there are imporvements I intend on implementing:

  • Integrate argparse.
  • Create different websited for different type of requests along with POST which is the default (GET, DELETE, ...).
  • Prettify it (Colors, Banner, ...).
  • Deploy it to the web.
  • Options for possible csrf token (Deletion, Include one of same length, ...).
  • Choosing to create one, some, or all possible CSRF sites.
  • Obviously fix any bug that is found. And whatever else comes to my mind at a later time.

Donations

If for some reason you think I deserve money for having written this or any of my other projects, firstly thank you very much I'm humbled. Secondly you can buy me a penguin!

Buy Me A Coffee

Contact Me

You can find me on Twitter.

License

See LICENSE for more info.

About

The (to-be) Definitive CSRF Website Creator

Topics

python hacking csrf infosec bugbounty webhacking

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages