Account Provisioning

Check List

Verify which accounts may provision other accounts and of what type.

Methodology

Black Box

Account Provisioning

Prepare target URL and optional Auth cookie

Identify routes and endpoints using scripts written, combine and deduplicate Katana and FFUF outputs into one file (/tmp/all_endpoints.txt)

CSRF testing with XSRFProbe: for each endpoint run XSRFProbe (use -c if cookie is provided) with --random-agent --malicious --crawl. XSRFProbe attempts to detect CSRF vulnerabilities and, if successful, generates a PoC and an HTML report

White Box

Cheat Sheet

Manual Create CSRF

XSRFProbe

Non-Authenticated Endpoint

xsrfprobe -u https://$WEBSITE/profile/update -v

Authenticated Endpoint

xsrfprobe -u https://$WEBSITE/profile/update -v -c "$COOKIE"

CSRFShark

CSRFSharkcsrfshark.github.io

Auto Create CSRF

Katana & FFUF & XSRFprobe

Create Script

#!/bin/bash

WEBSITE=$1
COOKIE=$2

if [ -z "$WEBSITE" ]; then
    echo "Usage: $0 https://example.com [cookie]"
    exit 1
fi

echo "[*] Running katana for passive endpoint discovery..."
katana -u "$WEBSITE" -jc -d 2 -o /tmp/katana_raw.txt

echo "[*] Running ffuf for fuzzing endpoint parameters..."
ffuf -u "$WEBSITE/FUZZ" -w /usr/share/seclists/Discovery/Web-Content/common.txt -mc 200 -of csv -o /tmp/ffuf_results.csv > /dev/null

cut -d ',' -f1 /tmp/ffuf_results.csv | grep "$WEBSITE" > /tmp/ffuf_raw.txt

cat /tmp/katana_raw.txt /tmp/ffuf_raw.txt | sort -u > /tmp/all_endpoints.txt

echo "[*] Checking endpoints for CSRF using xsrfprobe..."

mkdir -p /tmp/results
> /tmp/results/vulnerable_csrf.txt

while read endpoint; do
    echo "[*] Testing: $endpoint"

    if [ -n "$COOKIE" ]; then
        xsrfprobe -u "$endpoint" -c "$COOKIE" --random-agent --malicious --crawl -o /tmp/results/report.html
    else
        xsrfprobe -u "$endpoint" --random-agent --malicious --crawl -o /tmp/results/report.html
    fi

    if grep -q "PoC generated" /tmp/results/report.html; then
        echo "[+] Potential CSRF at: $endpoint"
        echo "$endpoint" >> /tmp/results/vulnerable_csrf.txt
    else
        echo "[-] Not vulnerable: $endpoint"
    fi
done < /tmp/all_endpoints.txt

echo
echo "✅ CSRF Scan Complete."
echo "📄 Vulnerable endpoints saved in: /tmp/results/vulnerable_csrf.txt"

Run Script

sudo nano csrf-hunter.sh;sudo ./csrf-hunter.sh $WEBSITE

PreviousUser Registration NextAccount Enumeration

Last updated 25 days ago