A CSRF-guard-hiding extension that keeps track of the latest guard value per session and updates new requests accordingly
This branch is 4 commits ahead of asaafan:master.
Latest commit 8b3dbbe Feb 13, 2017
Type Name Latest commit message Commit time
AntiCSRFToken.java Fixing some racing and deadlock issues. Issue asaafan#1. Oct 7, 2015
AntiCSRFTokenStatus.java Adding first code Nov 28, 2014
BappDescription.html Add BApp metadata files and Gradle build file. Jan 3, 2017
BappManifest.bmf Add RepoName to BappManifest Feb 13, 2017
BurpExtender.java Fixing bug if the session ID was wrong in the first trial Oct 7, 2015
CSurferConfigurations.java Adding first code Nov 28, 2014
CSurferJpanel.java
CSurferTokenJar.java Fixing bug if the session ID was wrong in the first trial Oct 7, 2015
README.md
build.gradle Reference Maven artifact instead of local build. Jan 18, 2017
settings.gradle Avoid the directory name affecting the name of the resultant jar by e… Jan 18, 2017

README.md

CSurfer

CSurfer is a CSRF-guard-hiding extension that keeps track of the latest guard value per session and updates new requests accordingly. It also allows Burp to be chained with other security scanning tools that are not CSRF-guard aware.

The extension is available for free on the Burp App Store (BApp) at:

https://pro.portswigger.net/bappstore/ShowBappDetails.aspx?uuid=086c6af8b24c40a79a5e99b71df10f11

A presentation from the Cairo Security Camp talk explaining the tool is available at:

https://www.dropbox.com/s/gtplhdlrme26b0d/Bypassing%20Anti-CSRF%20Tokens%20With%20Burp%20Extender%20-%20The%20Story%20of%20CSurfer.pdf?dl=1

@Author Saafan, A.
