Download
XSRFProbe is an advanced security auditing toolkit designed to detect and analyze Cross Site Request Forgery (CSRF/XSRF) vulnerabilities in web applications. It uses an automated crawling engine that continuously scans a target application, collects forms and endpoints, and evaluates them for potential CSRF weaknesses. XSRFProbe performs numerous systematic checks to determine whether a web endpoint is vulnerable, including inspection of anti-CSRF tokens, cookie validation behavior, and request forgery scenarios. It also analyzes the strength and randomness of security tokens using algorithms such as entropy calculations to determine whether tokens can be predicted or forged. When a vulnerability is discovered, it can automatically generate proof-of-concept payloads that demonstrate how the flaw could be exploited in a real attack scenario. XSRFProbe provides a highly automated workflow while still allowing users to customize scanning behavior and configuration settings.
Features
- Automated crawling engine that scans web pages and forms continuously
- Detection of anti-CSRF tokens within POST requests and form submissions
- Token strength and randomness analysis using entropy-based algorithms
- Support for custom cookies and generic HTTP headers during testing
- Generation of proof-of-concept exploits for discovered vulnerabilities
- Detailed logging system for vulnerabilities, tokens, and scan results
Project Samples
