Account Provisioning
Check List
Methodology
Black Box
Account Provisioning
1. Prepare the target URL and an optional auth cookie
2. Identify routes and endpoints with the script from the cheat sheet below, which combines and deduplicates the Katana and FFUF outputs into one file (/tmp/all_endpoints.txt)
3. CSRF testing with XSRFProbe: run XSRFProbe against each endpoint (adding -c when a cookie is provided) with --random-agent --malicious --crawl. XSRFProbe attempts to detect CSRF weaknesses and, if successful, generates a PoC and an HTML report
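As an added example (not part of this page, of the script below, or of XSRFProbe), a small offline Python check for the two controls whose absence the scan is looking for: a hidden anti-CSRF field in state-changing forms and an explicit SameSite attribute on cookies. The response headers and HTML are constructed, and the token-name pattern is an assumption.

```python
from html.parser import HTMLParser
import re
# Names commonly given to anti-CSRF fields; this pattern is an assumption, extend it as needed.
TOKEN_NAMES = re.compile(r"csrf|xsrf|_token|authenticity", re.I)

class FormScanner(HTMLParser):
    """Collect every <form> with its method, action and the names of its hidden inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(), "hidden": []}
        elif tag == "input" and self._cur is not None and (a.get("type") or "").lower() == "hidden":
            self._cur["hidden"].append(a.get("name") or "")
    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def cookies_without_samesite(headers):
    """Names of cookies set without an explicit SameSite attribute (browser defaults differ)."""
    missing = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            attrs = [p.strip().lower() for p in value.split(";")[1:]]
            if not any(p.startswith("samesite=") for p in attrs):
                missing.append(value.split("=", 1)[0].strip())
    return missing

def forms_without_token(html):
    """Actions of POST forms that carry no hidden anti-CSRF field."""
    scanner = FormScanner()
    scanner.feed(html)
    return [f["action"] for f in scanner.forms if f["method"] == "post"
            and not any(TOKEN_NAMES.search(n) for n in f["hidden"])]

def csrf_findings(headers, html):
    """Run both checks over one response; empty lists mean nothing to report."""
    return {"cookies_without_samesite": cookies_without_samesite(headers),
            "forms_without_token": forms_without_token(html)}

# Constructed sample response: a token-protected profile form and an unprotected delete form.
SAMPLE_HEADERS = [("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
                  ("Set-Cookie", "pref=dark; Path=/; SameSite=Lax")]
SAMPLE_HTML = ('<form method="post" action="/profile/update">'
               '<input type="hidden" name="csrf_token" value="t"></form>'
               '<form method="POST" action="/account/delete"><input type="submit"></form>'
               '<form method="get" action="/search"><input name="q"></form>')
```

Calling csrf_findings(SAMPLE_HEADERS, SAMPLE_HTML) reports the session cookie and the /account/delete form; the same two findings are what a fix (a per-session token plus SameSite=Lax or Strict) should make disappear.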
White Box
Cheat Sheet
Manual Create CSRF
xsrfprobe -u https://$WEBSITE/profile/update -v
xsrfprobe -u https://$WEBSITE/profile/update -v -c "$COOKIE"
CSRFShark
Auto Create CSRF
#!/bin/bash
# csrf-hunter.sh: discover endpoints with katana and ffuf, then test each one with XSRFProbe.
WEBSITE=$1
COOKIE=$2
if [ -z "$WEBSITE" ]; then
    echo "Usage: $0 https://example.com [cookie]"
    exit 1
fi

echo "[*] Running katana for passive endpoint discovery..."
katana -u "$WEBSITE" -jc -d 2 -o /tmp/katana_raw.txt

echo "[*] Running ffuf for fuzzing endpoint parameters..."
ffuf -u "$WEBSITE/FUZZ" -w /usr/share/seclists/Discovery/Web-Content/common.txt -mc 200 -of csv -o /tmp/ffuf_results.csv > /dev/null
# ffuf's CSV puts the FUZZ word in column 1 and the full URL in column 2; keep the URL.
cut -d ',' -f2 /tmp/ffuf_results.csv | grep "$WEBSITE" > /tmp/ffuf_raw.txt

# Merge and deduplicate both sources into the single endpoint list used below.
cat /tmp/katana_raw.txt /tmp/ffuf_raw.txt | sort -u > /tmp/all_endpoints.txt

echo "[*] Checking endpoints for CSRF using xsrfprobe..."
mkdir -p /tmp/results
: > /tmp/results/vulnerable_csrf.txt
OUTDIR=/tmp/results/xsrfprobe   # xsrfprobe -o expects an output directory, not a file
while IFS= read -r endpoint; do
    echo "[*] Testing: $endpoint"
    rm -rf "$OUTDIR"   # start clean so files from an earlier endpoint cannot match
    if [ -n "$COOKIE" ]; then
        xsrfprobe -u "$endpoint" -c "$COOKIE" --random-agent --malicious --crawl -o "$OUTDIR"
    else
        xsrfprobe -u "$endpoint" --random-agent --malicious --crawl -o "$OUTDIR"
    fi
    # Marker string: confirm it against the report text written by the installed XSRFProbe version.
    if grep -rq "PoC generated" "$OUTDIR" 2>/dev/null; then
        echo "[+] Potential CSRF at: $endpoint"
        echo "$endpoint" >> /tmp/results/vulnerable_csrf.txt
    else
        echo "[-] Not vulnerable: $endpoint"
    fi
done < /tmp/all_endpoints.txt

echo
echo "✅ CSRF Scan Complete."
echo "📄 Vulnerable endpoints saved in: /tmp/results/vulnerable_csrf.txt"
sudo nano csrf-hunter.sh
sudo ./csrf-hunter.sh $WEBSITE