A CSRF guard hiding extension that keeps track of the latest guard value per session and updates new requests accordingly

asaafan/CSurfer

CSurfer

CSurfer is a CSRF guard hiding extension that keeps track of the latest guard value per session and updates new requests accordingly. It also allows Burp to be chained with other security scanning tools that are not CSRF-guard aware.
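
The per-session tracking described above, modelled as an added example that is not CSurfer's own code: it records the newest guard value seen in each session's responses and rewrites the guard parameter of later form-encoded requests. The parameter name `csrf_token`, the cookie name `SESSIONID` and the sample traffic are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Assumptions: the page names neither the guard field nor the session cookie.
TOKEN_PARAM = "csrf_token"    # hypothetical guard parameter name
SESSION_COOKIE = "SESSIONID"  # hypothetical session cookie name

# Matches a hidden input whose name attribute precedes its value attribute.
TOKEN_RE = re.compile(
    r'<input[^>]*name=["\']%s["\'][^>]*value=["\']([^"\']*)["\']'
    % re.escape(TOKEN_PARAM), re.IGNORECASE)
COOKIE_RE = re.compile(r'(?:^|;\s*)%s=([^;]+)' % re.escape(SESSION_COOKIE))


def session_of(cookie_header):
    """Return the session id carried in a Cookie header, or None."""
    m = COOKIE_RE.search(cookie_header or "")
    return m.group(1) if m else None


class GuardTracker:
    """Remembers the newest guard value seen for each session."""

    def __init__(self):
        self.latest = {}  # session id -> most recent guard value

    def observe_response(self, cookie_header, body):
        """Record the guard value in a response to a request with this Cookie header."""
        sid, m = session_of(cookie_header), TOKEN_RE.search(body)
        if sid and m:
            self.latest[sid] = m.group(1)

    def update_request(self, cookie_header, form_body):
        """Return the form-encoded body with the guard refreshed for its session."""
        token = self.latest.get(session_of(cookie_header))
        pairs = parse_qsl(form_body, keep_blank_values=True)
        if token is None or all(k != TOKEN_PARAM for k, _ in pairs):
            return form_body  # unknown session or no guard field: leave untouched
        return urlencode([(k, token if k == TOKEN_PARAM else v) for k, v in pairs])


if __name__ == "__main__":
    # Constructed sample traffic: session s1 receives two guard values in turn.
    t = GuardTracker()
    t.observe_response("SESSIONID=s1", '<input type="hidden" name="csrf_token" value="t1">')
    t.observe_response("SESSIONID=s1", '<input type="hidden" name="csrf_token" value="t2">')
    print(t.update_request("SESSIONID=s1", "amount=5&csrf_token=stale"))
```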

The extension is available for free on the Burp App Store (BApp) at:

https://pro.portswigger.net/bappstore/ShowBappDetails.aspx?uuid=086c6af8b24c40a79a5e99b71df10f11

A presentation from the Cairo Security Camp talk explaining the tool is available at:

https://www.dropbox.com/s/gtplhdlrme26b0d/Bypassing%20Anti-CSRF%20Tokens%20With%20Burp%20Extender%20-%20The%20Story%20of%20CSurfer.pdf?dl=1

@Author Saafan, A.
