104 lines
3.0 KiB
HTML
104 lines
3.0 KiB
HTML
<!DOCTYPE HTML>
|
|
<html lang="en">
|
|
<head>
|
|
<meta http-equiv="content-type" content="text/html; charset=utf-8">
|
|
<title>CSRF PoC Generator ~ MD15</title>
|
|
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
|
|
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
|
|
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
|
|
</head>
|
|
|
|
<body>
|
|
<div class="container">
|
|
<div class="h1">CSRF PoC Generator</div>
|
|
<form>
|
|
<div class="form-group">
|
|
<label for="URL">URL:</label>
|
|
<input type="url" id="url" class="form-control" placeholder="http://sites.com"/>
|
|
<small id="textHelp" class="form-text text-muted">Add http:// or https:// in the beginning</small>
|
|
</div>
|
|
|
|
<div class="form-group">
|
|
<label for="method">Method:</label>
|
|
<select class="form-control" id="method">
|
|
<option>GET</option>
|
|
<option>POST</option>
|
|
</select>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="parameters">Parameters:</label>
|
|
<input type="button" class="form-control" value="Add Parameters" id="add_param"></input>
|
|
</div>
|
|
|
|
<div class="form-group">
|
|
<div class="field_left">
|
|
<input type="button" class="btn btn-primary" value="Generate" onclick="csrf_generator(true)" />
|
|
</div>
|
|
</div>
|
|
|
|
<div class="form-group">
|
|
<label for="req">Results:</label>
|
|
<textarea class="form-control" id="req" rows="15"></textarea>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
<script>
|
|
var param_counter = 0;
|
|
|
|
$(document).on("click", "#add_param", function(){
|
|
|
|
param_counter++;
|
|
var fright = $(this).parent();
|
|
fright.append("<form><div class='form-row'><div class='col'><input type='text' name='param[]' placeholder='Name' class='param_input form-control' id='param_input_"+param_counter+"'><input type='text' name='value[]' class='form-control' placeholder='Value'></div></form>");
|
|
|
|
});
|
|
|
|
|
|
function csrf_generator(encode){
|
|
encode = typeof(encode) == 'undefined' ? false : encode;
|
|
|
|
var html = "<html>\n<head>\n";
|
|
html += ' <title>CSRF vulnerability in ' + encodeURI($$v('url')) + '</title>' + "\n";
|
|
html += "</head>\n<body>\n";
|
|
html += ' <form action="' + encodeURI($$v('url')) + '" method="' + encodeURI($$v('method')) + '">' + "\n";
|
|
|
|
|
|
$(".param_input").each(function() {
|
|
|
|
if( $(this).val() )
|
|
{
|
|
html += ' <input type="hidden" name="' + encodeURI($(this).val()) + '" value="' + encodeURI($(this).next().val()) + '" />' + "\n";
|
|
}
|
|
});
|
|
|
|
html += " <input type='submit' value='Press Here' />\n";
|
|
html += " </form>\n";
|
|
html += "</body>\n";
|
|
html += "</html>"
|
|
|
|
if (encode) {
|
|
$$('req').innerHTML = html_encoding(html);
|
|
}
|
|
else {
|
|
$$('poc').innerHTML = html;
|
|
}
|
|
}
|
|
|
|
function html_encoding(str) {
|
|
return String(str)
|
|
.replace(/&/g, '&')
|
|
.replace(/"/g, '"')
|
|
.replace(/'/g, ''')
|
|
.replace(/</g, '<')
|
|
.replace(/>/g, '>');
|
|
}
|
|
function $$v(id) {
|
|
return document.getElementById(id).value;
|
|
}
|
|
function $$(id) {
|
|
return document.getElementById(id);
|
|
}
|
|
</script>
|
|
</body>
|
|
</html>
|