Search Results for "csrf"

Simple integration of Flask and WTForms, including CSRF, file upload, and reCAPTCHA. Integration with WTForms. Secure Form with CSRF token. Global CSRF protection. reCAPTCHA support. File upload that works with Flask-Uploads. Internationalization using Flask-Babel.

...Custom claims validation on received tokens. Refresh tokens, first-class support for fresh tokens for making sensitive changes. Token revoking/blocklisting. Storing tokens in cookies and CSRF protection. Adding custom claims to JSON Web Tokens. Automatic user loading (current_user). Custom claims validation on received tokens. Refresh tokens. First-class support for fresh tokens for making sensitive changes. Token revoking/blocklisting. Storing tokens in cookies and CSRF protection.

...It supports several Amazon regions, including Amazon, Amazon.cn, Amazon.de, Amazon.co.uk, and Amazon.co.jp. The workflow requires the user to log in through the browser, retrieve a CSRF token, and then run the script with the correct regional option. It can download purchased Kindle content and, depending on the flag used, personal document files as well. The repository is archived, so it should be treated as a historical utility rather than an actively maintained tool. It is best understood as a convenience script for users who need bulk access to their own Kindle library files.

...It can automatically load data from the request, uses Flask-Babel to translate based on user-selected locale, provides full-application CSRF, and more.

Django is a high-level, free and open-source Python web framework founded on the Model–Template–View (MTV) pattern, designed to facilitate rapid development of secure, maintainable, and scalable database-driven websites. First, read docs/intro/install.txt for instructions on installing Django. Next, work through the tutorials in order (docs/intro/tutorial01.txt, docs/intro/tutorial02.txt, etc.). If you want to set up an actual deployment server, read docs/howto/deployment/index.txt for...

...This version provides a security-first design, easy integration, customization, out-of-the-box Django admin support and dark mode. It is a complete rewrite and all former APIs are broken. A form is used to perform a POST including a CSRF-token for security reasons. The field user_pk is mandatory and the value must be set to the target users' primary key. The optional field next determines where a user is forwarded after a successful hijack. If not provided, users are forwarded to the LOGIN_REDIRECT_URL. Do not forget to load the hijack template tags to use the can_hijack filter. ...

...It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover vulnerabilities that could allow attackers to trick users into performing unintended actions on a website. Insecure Direct Object References (IDOR): Scans for vulnerabilities that might enable attackers to access unauthorized data by manipulating direct object references. Open Ports: Detects open ports on the target web server to understand its potential attack surface. ...

XSRFProbe is an advanced security auditing toolkit designed to detect and analyze Cross Site Request Forgery (CSRF/XSRF) vulnerabilities in web applications. It uses an automated crawling engine that continuously scans a target application, collects forms and endpoints, and evaluates them for potential CSRF weaknesses. XSRFProbe performs numerous systematic checks to determine whether a web endpoint is vulnerable, including inspection of anti-CSRF tokens, cookie validation behavior, and request forgery scenarios. ...