Skip to content

Advanced Usage

Infected Drake edited this page Jan 17, 2019 · 18 revisions

XSRFProbe is a toolkit intended to be highly flexible and customisable. Everything the scanner does can be controlled via the config.py configuration file.

XSRFProbe Configuration Variables:

XSRFProbe has got full customisation over its runtime environment. In case if you don't want to enter parameters everytime, you can head over to config.py file and edit them as per your need. You might want to consider this option if you are a regular tester user. Set you variables, and next time when you want to run the tool, just fire it up with python xsrfprobe.py and the tool will run according to your configurations set!

The following below are options which you can modify according to your own needs:

  • SITE_URL - The main site domain which you want to scan.
  • CRAWL_SITE - The switch which determines whether or not to crawl the site. This option when set to True is equivalent to supplying the --crawl argument and will result in crawling the entire site and scanning all endpoints it finds.
  • DEBUG_MODE - Setting this to False means decreasing verbosity. This option is equivalent to supplying the -q/--quiet argument.
  • USER_AGENT - The user agent with which you might want to run the entire scanning process. the Default value is set to Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729), a standard Windows browser user-agent.
  • USER_AGENT_RANDOM - Setting this to True indicates that all requests are to make by different user-agents which is not recommended. This option is equivalent to --random-agent argument.
  • COOKIE_VALUE - The cookie value which will be passed during all requests. A cookie (preferably a Session Cookie, see why) is needed for complete assessment of all phases of XSRFProbe.
  • HEADER_VALUES - This is where the default header values are stored. The variable type is a Python dictionary. When you add a custom header with the --header argument, the header will get appended to this list of existing headers. See advanced usage if you want your own set of HTTP headers.
  • TIMEOUT_VALUE - This is the HTTP timeout value and applies to all requests. The default is 7 seconds. Changing this value is equivalent to supplying a value via the --timeout parameter.
  • DELAY_AMOUT - The value storing the delay amount between two requests in seconds. Changing this option is equivalent to setting the -d/--delay argument.
  • COOKIE_BASED - This is a run-time configuration variable. Setting this option to False means all cookie based checks (Cookie Persistence and Cookie Flag Checks) will NOT be performed. This is by default set to False when user doesn't supply a cookie value or the COOKIE_VALUE configuration variable is empty.
  • POST_BASED - A run-time configuration variable for checking if the user wants to check for POST Based CSRFs. Setting this option to False means all POST Based Forgery Checks will NOT be performed.
  • TOKEN_CHECKS - Another run-time configuration variable for checking if user wants XSRFProbe to do checks for anti-CSRF tokens. Setting this option to False means all Token Based Checks(Anti-CSRF Token Detection, Token Strength Calculation and Token Randomness Calculation) will NOT be performed.
  • REFERER_ORIGIN_CHECKS - Yet another run-time configuration variable intended to provide users with the option of allowing referer/origin checks. Setting this option to False means all Cross-Origin Based Checks (Referer Based and Origin Based Checks) will NOT be performed.
  • FORM_SUBMISSION - A controller variable which controls how XSRFProbe submits forms. Setting this to False will not allow any type of form submissions, thereby missing most of the module checks.
  • REFERER_URL - A controller variable which indicates the URL of the Referer header when performing tests against Referer Based Request Validation Checks.
  • ORIGIN_URL - A controller variable which indicates the URL of the Origin header when performing Origin Based Request Validation Checks.
  • TOKEN_GENERATION_LENGTH - A controller variable which defines the length of the strings of the form fields which are to be generated.
  • EXCLUDE_URLS - Exclude the directories which need not be scanned. The data type format should be in form of a standard Python list. This is equivalent to supplying list of directories via the --exclude switch.
  • OUTPUT_DIR - The output directory of the files where everything is to be stored (including logs).
  • DISPLAY_HEADERS - Option to display headers. This option will help you to display headers received during requests. You might want to turn this to True if you want the response headers to be displayed on the terminal.
  • SCAN_ANALYSIS - A run-time configuration variable which allows users to set the option for post-scan analysis. Setting this option to False means Post-Scan Analysis will NOT be performed. Equivalent to supplying the --no-analysis argument.
  • POC_GENERATION - A controller variable which help you to determine whether to generate PoC forms with each CSRF vulnerability found. Setting this option to False is equivalent to supplying the --skip-poc argument.
  • GEN_MALICIOUS - This variable decides which type of forms will be generated. If this is turned on (set to True), XSRFProbe will generate malicious forms which could be used in real-world exploitations upon discovery of a POST-Based vulnerability.

With this knowledge you can easily customize and manipulate XSRFProbe fully according to your needs and requirements.

XSRFProbe Wiki Index

Clone this wiki locally