CSRFShark


CSRFShark is a utility for manipulating cross-site request forgery (CSRF) attacks.

It lets you easily generate a CSRF PoC from given HTTP/cURL requests and then get a permanent link to the result.

🚀 Getting started

CSRFShark offers a hosted solution located at https://csrfshark.github.io/app

If you want to host CSRFShark on your local machine, several start options are available:

📖 Usage

This video will take you on a journey into the realm of web security, where you will become proficient in using CSRFShark. CSRFShark is a tool created to streamline the generation, distribution, and verification of Cross-Site Request Forgery (CSRF) payloads. Regardless of whether you are an experienced expert or a novice starting to explore web security, this tutorial is suitable for all levels of expertise. We will guide you through each step, ensuring that you can utilize CSRFShark efficiently. Sit back and enjoy the video!

EN link

RU link

✨ Features

  • Share - get a permanent link to the result easily and quickly. All data needed for the PoC is stored in the URL hash.
  • Client-side rendering - all data is generated on the client side using JavaScript.
  • Privacy - because the PoC data is kept in the URL hash, the server has no information about the client request or the created PoC.
  • Real-time run - check in real time that the attack works.

🌐 Supported languages

  • English
  • Russian
  • Ukrainian
  • Spanish

✅ Supported CSRF PoC techniques

  • Form - a simple HTML form that includes hidden inputs and a submit button.
  • XMLHttpRequest - makes an HTTP request in JavaScript via the XMLHttpRequest class.
  • XMLHttpRequest + Stats - same as XMLHttpRequest, but also includes code to display request statistics.
  • Link - a simple HTML <a> tag.
  • Img - a simple HTML <img> tag.
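
When verifying a fix against these PoC types, it helps to know what the server can tell them apart by. The following is an added example, not part of CSRFShark: a server-side check that uses the standard `Sec-Fetch-*` and `Origin` request headers. The `stateChanging` route flag, the origins and the sample requests are assumptions made for illustration.

```javascript
// Added example, not CSRFShark code. Header names are the standard Fetch
// Metadata and Origin headers; origins and sample requests are constructed.
// req.stateChanging is a hypothetical per-route flag set by the application.
const SAFE = new Set(["GET", "HEAD", "OPTIONS"]);

function csrfVerdict(req, appOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers)) h[k.toLowerCase()] = v;
  const method = req.method.toUpperCase();
  const verdict = (allow, reason) => ({ allow, reason });

  // Link and Img PoCs can only issue GET, so a route that changes state
  // must never accept a safe method, whatever the headers say.
  if (SAFE.has(method) && req.stateChanging) return verdict(false, "state change on safe method");

  const site = h["sec-fetch-site"];
  if (site !== undefined) {
    if (site === "same-origin" || site === "none") return verdict(true, "same-origin or user-initiated");
    // Cross-site: only a plain top-level GET navigation (a followed link) passes.
    const topLevelGet = method === "GET" && h["sec-fetch-mode"] === "navigate" &&
      h["sec-fetch-dest"] === "document";
    return topLevelGet ? verdict(true, "cross-site top-level navigation")
                       : verdict(false, "cross-site subresource or unsafe method");
  }
  // Browsers without Fetch Metadata: compare Origin on unsafe methods.
  if (!SAFE.has(method) && h["origin"] !== undefined && h["origin"] !== appOrigin) {
    return verdict(false, "origin mismatch");
  }
  return verdict(true, "no cross-site signal"); // e.g. non-browser client; pair with a CSRF token
}

const APP = "https://app.example"; // constructed
const cross = (mode, dest) => ({ "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": mode, "Sec-Fetch-Dest": dest });
const samples = { // constructed requests, one per PoC technique listed above
  form: { method: "POST", stateChanging: true, headers: cross("navigate", "document") },
  xhr: { method: "POST", stateChanging: true, headers: cross("cors", "empty") },
  img: { method: "GET", stateChanging: false, headers: cross("no-cors", "image") },
  link: { method: "GET", stateChanging: false, headers: cross("navigate", "document") },
  linkToStateChangingGet: { method: "GET", stateChanging: true, headers: cross("navigate", "document") },
  sameOriginPost: { method: "POST", stateChanging: true, headers: { "Sec-Fetch-Site": "same-origin" } },
  legacyForm: { method: "POST", stateChanging: true, headers: { Origin: "https://other.example" } },
};

function runSamples() {
  return Object.fromEntries(Object.entries(samples).map(([k, r]) => [k, csrfVerdict(r, APP).allow]));
}
console.log(runSamples());
```

The `link` sample passes the header check because a followed link looks like ordinary navigation, which is why state-changing routes have to refuse GET outright.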

👀 Author

f0rb1dd3n0x193

⚠️ Legal disclaimer

This tool is for educational purposes only. It is illegal to use this program to attack targets without prior mutual consent. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

βš–οΈ License

Licensed under the MIT License.