bash-bounty/CSRF PoC Generator/index.html

104 lines
3.0 KiB
HTML

<!DOCTYPE HTML>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>CSRF PoC Generator ~ MD15</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<div class="h1">CSRF PoC Generator</div>
<form>
<div class="form-group">
<label for="URL">URL:</label>
<input type="url" id="url" class="form-control" placeholder="http://sites.com"/>
<small id="textHelp" class="form-text text-muted">Add http:// or https:// in the beginning</small>
</div>
<div class="form-group">
<label for="method">Method:</label>
<select class="form-control" id="method">
<option>GET</option>
<option>POST</option>
</select>
</div>
<div class="form-group">
<label for="parameters">Parameters:</label>
<input type="button" class="form-control" value="Add Parameters" id="add_param"></input>
</div>
<div class="form-group">
<div class="field_left">
<input type="button" class="btn btn-primary" value="Generate" onclick="csrf_generator(true)" />
</div>
</div>
<div class="form-group">
<label for="req">Results:</label>
<textarea class="form-control" id="req" rows="15"></textarea>
</form>
</div>
</div>
<script>
var param_counter = 0;
$(document).on("click", "#add_param", function(){
param_counter++;
var fright = $(this).parent();
fright.append("<form><div class='form-row'><div class='col'><input type='text' name='param[]' placeholder='Name' class='param_input form-control' id='param_input_"+param_counter+"'><input type='text' name='value[]' class='form-control' placeholder='Value'></div></form>");
});
function csrf_generator(encode){
encode = typeof(encode) == 'undefined' ? false : encode;
var html = "<html>\n<head>\n";
html += ' <title>CSRF vulnerability in ' + encodeURI($$v('url')) + '</title>' + "\n";
html += "</head>\n<body>\n";
html += ' <form action="' + encodeURI($$v('url')) + '" method="' + encodeURI($$v('method')) + '">' + "\n";
$(".param_input").each(function() {
if( $(this).val() )
{
html += ' <input type="hidden" name="' + encodeURI($(this).val()) + '" value="' + encodeURI($(this).next().val()) + '" />' + "\n";
}
});
html += " <input type='submit' value='Press Here' />\n";
html += " </form>\n";
html += "</body>\n";
html += "</html>"
if (encode) {
$$('req').innerHTML = html_encoding(html);
}
else {
$$('poc').innerHTML = html;
}
}
function html_encoding(str) {
return String(str)
.replace(/&/g, '&amp;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
}
function $$v(id) {
return document.getElementById(id).value;
}
function $$(id) {
return document.getElementById(id);
}
</script>
</body>
</html>