Rather than manually constructing a PoC just by eyeballing the intercepted HTTP request in our Burp proxy tab, it would be awfully nice if we had a script that could take the information we need as a series of input (from either a CLI argument, a web scraper, or another source).
Let's do it. With just a little Python, we can make a short script that painlessly formats our info into a CSRF PoC.
Let's start by defining the data we'll need to build the PoC. We'll start defining those variables right after we set up our interpreter in our new csrf_poc_generator.py file:
#!/usr/bin/env python3method="POST"encoding_type="application/x-www-form-urlencoded"action="http://webscantest.com/crosstraining/aboutyou.php" ...