# Detection template for OWASP CSRFGuard 3.x/4.x. It sends three requests,
# fingerprints the library from marker strings in the responses, and reports
# whether token-per-page is enabled based on the reply to the third request.
#
# NOTE(review): the trailing "# digest:" line appears to be a signature over the
# template text. Any edit, including added comments or re-indentation, will
# presumably require the template to be re-signed - confirm before distributing.
id: csrf-guard-detect

info:
  name: OWASP CSRFGuard 3.x/4.x - Detect
  author: forgedhallpass
  severity: info
  description: OWASP CSRFGuard 3.x and 4.x were checked for whether token-per-page support is enabled based on default configuration.
  reference:
    - https://github.com/OWASP/www-project-csrfguard
  classification:
    # All impact metrics are "N" and the score is 0: this is an informational finding.
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    # Matches the three raw requests defined below.
    max-request: 3
  tags: tech,csrfguard,owasp

http:
  - raw:
      # Request 1: fetch the landing page.
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
      # Request 2: fetch the CSRFGuard JavaScript servlet; the masterToken
      # extractor below reads the token from a response body.
      # NOTE(review): the Referer header presumably satisfies a referer check on
      # the servlet - confirm against the CSRFGuard configuration.
      - |
        GET /JavaScriptServlet HTTP/1.1
        Host: {{Hostname}}
        Referer: {{BaseURL}}
      # Request 3: POST to the servlet with the extracted master token in the
      # OWASP-CSRFTOKEN header; the two dsl matchers classify the reply.
      - |
        POST /JavaScriptServlet HTTP/1.1
        Host: {{Hostname}}
        OWASP-CSRFTOKEN: {{masterToken}}

    # Any single matcher is enough to report; each one is named so the result
    # shows which condition fired.
    matchers-condition: or
    matchers:
      # Version fingerprints: plain marker strings looked up in the response.
      - type: word
        name: "CSRFGuard-v3.x"
        words:
          - "FETCH-CSRF-TOKEN"

      - type: word
        name: "CSRFGuard-v4.x"
        words:
          - "masterTokenValue"

      # Token-per-page disabled: third request answered 400 with the explicit message.
      # NOTE(review): status_code_3 is pinned to request 3 but `body` is not
      # numbered - confirm it resolves to the third response here.
      - type: dsl
        name: "Disabled-token-per-page"
        condition: and
        dsl:
          - 'status_code_3==400'
          - 'contains(body, "Token-Per-Page functionality is disabled")'

      # Token-per-page enabled: third request answered 200 with a JSON body
      # containing {"pageTokens (the backslash is literal inside single quotes).
      - type: dsl
        name: "Enabled-token-per-page"
        condition: and
        dsl:
          - 'status_code_3==200'
          - 'contains(body, "{\"pageTokens")'

    # Carry cookies across the three requests.
    # NOTE(review): presumably required because the master token is bound to
    # the session that requested it - confirm.
    cookie-reuse: true
    extractors:
      # Internal extractor: feeds {{masterToken}} in request 3 and is not
      # included in the reported results.
      - type: regex
        name: masterToken
        internal: true
        group: 1
        regex:
          - "(?:masterTokenValue\\s*=\\s*')([^']+)';"

      # Same pattern, but reported. Together with page-token below, this puts
      # anti-CSRF token values for the scanner's session into the scan output,
      # so stored results should be handled as sensitive data.
      - type: regex
        group: 1
        name: "master-token"
        regex:
          - "(?:masterTokenValue\\s*=\\s*')([^']+)';"

      # Reports the pageTokens object from a JSON response.
      - type: json
        name: "page-token"
        json:
          - '.pageTokens'
# digest: 4b0a00483046022100821726d60c1c0a6b2f24348b839d8c1e01f77c59c1366eaf10006b18c8301149022100e70db60eb6c42ef70a8f3a4a7a8f9b7d11dfbbd9823b8eda598357dbde9df875:922c64590222798bb761d5b6d8e72950