-
Notifications
You must be signed in to change notification settings - Fork 208
Home
Pinaki Mondal edited this page Oct 31, 2019
·
40 revisions
Welcome to the XSRFProbe Wiki!
Lets get started with the documentation!
Knowing the basics and compatibilities and setting XSRFProbe up.
Documentation about using XSRFProbe for a general as well as an advanced user.
-
General Usage
- XSRFProbe Arguments List
- Testing a Single Endpoint
- Crawling the Site
- Adding Cookies for Requests
- Using Custom User-Agent
- HTTP Request Timeout
- HTTP Request Delay
- Using Custom HTTP Headers
- Using Random User-Agents
- Form Field Character Generation
- Excluding Out of Scope Directories
- Controlling Verbosity
- Generating Malicious Forms
- Skipping PoC Generation
- Skipping Post-Scan Analysis
- Specifying Output Directory
- Updating XSRFProbe
- XSRFProbe Version
- Advanced Usage
Discussions and answers to questions on topics which a user should understand.
- Why should I supply cookies?
- Why is using random-user-agents not recommended?
- What if I want my own custom headers while making requests?
- What is the buzz about form field generation?
- I have some directories which I don't want to scan, is it possible?
- During scanning I received a
HTTPError
, what happened? - I am getting
VULNERABLE
in various endpoints, but they're not. Why? - How do I know if this tool actually works?
- Are there different color codes?
Documentation on how XSRFProbe works, its test cases, checks and accuracy. Intended for developers exclusively.
-
The Generalised Workflow
-
Types of Checks
- Origin Based Forgery Checks
- Referer Based Forgery Checks
- Anti-CSRF Token Detection
- Token Strength Calculation
- Token Randomness Calculation
- Token Encoding Detection
- Cookie Persistence
- Cookie Flag Checks
- POST-Based Request Forgery Checks
- Request Tampering and Forging
- Generating Custom PoCs
- Post-Scan Analysis
-
Types of Checks
Documentation on tips, and guidelines how a developer should contribute to XSRFProbe.
Guidelines on how you should submit bugs.
Last Updated — 31/10/2019 by @0xInfection
- Home Welcome to XSRFProbe!
- Getting Started Getting started and setting up XSRFProbe.
- General Usage Basic usage of XSRFProbe.
- Advanced Usage Useful for advanced users who know what they're doing.
- XSRFProbe Internals How XSRFProbe works, intended for developers.
- Some FAQs Some discussions on topics which a user should understand.
- Contributing Making new pull requests.
- Reporting Bugs Issuing new bugs to XSRFProbe.