O'Reilly logo

Hands-On Bug Hunting for Penetration Testers by Joseph Marshall

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Creating Your CSRF PoC Programmatically

Rather than manually constructing a PoC just by eyeballing the intercepted HTTP request in our Burp proxy tab, it would be awfully nice if we had a script that could take the information we need as a series of input (from either a CLI argument, a web scraper, or another source).

Let's do it. With just a little Python, we can make a short script that painlessly formats our info into a CSRF PoC.

Let's start by defining the data we'll need to build the PoC. We'll start defining those variables right after we set up our interpreter in our new csrf_poc_generator.py file:

#!/usr/bin/env python3method="POST"encoding_type="application/x-www-form-urlencoded"action="http://webscantest.com/crosstraining/aboutyou.php" ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required