Last active
July 24, 2017 09:08
This Burpy (https://github.com/debasishm89/burpy) module is written specifically to find CSRF vulnerabilities in the Facebook application.
```python
from rawweb import *


def main(raw_stream, ssl):
    '''
    This Burpy module is written specifically to find CSRF vulnerabilities in the Facebook application.
    It has already found a few minor CSRF vulnerabilities in the FB application. A few of them qualified for Bug Bounty.
    It simply checks whether CSRF token validation is present on the server side by removing the token
    from the request and replaying it. The Facebook application always throws a generic error message for a CSRF error, which is
    "Please try closing and re-opening your browser". If this error is not present in the response after removing the token,
    it returns +ve.
    '''
    title = [
        "Possible XSRF",  # Please don't add <script>/HTML tags here and report XSS :P
        "CSRF Token Removed from Request"
    ]
    csrf_error = "Please try closing and re-opening your browser"
    raw = RawWeb(raw_stream)
    if "fb_dtsg" in raw_stream:  # Check whether the request contains a CSRF token
        final = raw.removeparameter("fb_dtsg")  # Use the rawweb API to remove the parameter from the request
    else:
        return "FALSE"  # CSRF token not present in request
    result = raw.fire(ssl)
    # result[0] => 200
    # result[1] => OK
    # result[2] => response headers => dict
    # result[3] => body
    if csrf_error in result[3]:  # CSRF error present in the response body: everything is fine, return false
        if result[0] != 500:
            # Validation is there.
            # A positive test returns the title, crafted request, status, reason, response headers and response body.
            # return res.status,res.reason,res_headers,self.craft_res(res.getheaders(),res.read())
            return "FALSE"
        else:
            # Error text present but the server answered 500: still reported
            return title, final, result[0], result[1], result[2], result[3]
    else:
        # CSRF error absent after removing the token: return the crafted request and the response
        return title, final, result[0], result[1], result[2], result[3]
```
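The same remove-and-replay check can be run offline as a regression test against your own request handlers. The block below is an added example, not part of the gist or of Burpy: only `fb_dtsg` and the error string come from the module above, while the two handlers, the token value and the sample body are constructed. It parses the form body instead of searching the raw request for the substring.

```python
import hmac
from urllib.parse import parse_qsl, urlencode

CSRF_PARAM = "fb_dtsg"  # parameter name taken from the module above
CSRF_ERROR = "Please try closing and re-opening your browser"  # error text from the module above
SESSION_TOKEN = "constructed-token-123"  # constructed sample value
SAMPLE_BODY = "name=demo&fb_dtsg=constructed-token-123&action=rename"  # constructed


def strip_param(body, name):
    """Return the form-encoded body with every occurrence of `name` removed."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return urlencode([(k, v) for k, v in pairs if k != name])


def validating_handler(body):
    """Hypothetical handler that enforces the token (hardened form)."""
    params = dict(parse_qsl(body, keep_blank_values=True))
    supplied = params.get(CSRF_PARAM, "")
    # Constant-time comparison against the token bound to the session.
    if not hmac.compare_digest(supplied, SESSION_TOKEN):
        return 200, CSRF_ERROR
    return 200, "saved"


def lax_handler(body):
    """Hypothetical handler that never looks at the token (weak form)."""
    return 200, "saved"


def token_enforced(handler, body):
    """Replay `body` without the token.

    Returns None when the request carries no token parameter, True when the
    handler answers with the CSRF error (and not a 500, mirroring the module
    above), and False when the request is processed anyway.
    """
    if CSRF_PARAM not in dict(parse_qsl(body, keep_blank_values=True)):
        return None
    status, text = handler(strip_param(body, CSRF_PARAM))
    return CSRF_ERROR in text and status != 500


if __name__ == "__main__":
    for handler in (validating_handler, lax_handler):
        print(handler.__name__, token_enforced(handler, SAMPLE_BODY))
```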