Creating Your CSRF PoC Programmatically

Rather than manually constructing a PoC just by eyeballing the intercepted HTTP request in our Burp proxy tab, it would be awfully nice if we had a script that could take the information we need as a series of input (from either a CLI argument, a web scraper, or another source).

Let's do it. With just a little Python, we can make a short script that painlessly formats our info into a CSRF PoC.

Let's start by defining the data we'll need to build the PoC. We'll start defining those variables right after we set up our interpreter in our new csrf_poc_generator.py file:

#!/usr/bin/env python3method="POST"encoding_type="application/x-www-form-urlencoded"action="http://webscantest.com/crosstraining/aboutyou.php" ...

Get Hands-On Bug Hunting for Penetration Testers now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.