Easy Cross-Site Request Forgery Exploitation with Websecurify Suite

Creating CSRF attack payloads from complex requests is a tedious process, which involves a lot of copying, decoding, re-encoding and sometimes even knowing a few dirty browser tricks. Well, we've created a tool which simplifies this process to the extent where all you need to create and test a CSRF attack is to provide an HTTP request.

The tool is called Rforge and it specializes in building cross-site request forgery attacks. It is available right now for mass consumption. In the near future, we will integrate the tool into the Scanner and other auditing tools, especially where CSRF issues are identified and reported, giving you the easiest possible way to detect and test these types of attacks.


Petko D. Petkov (pdp) is the founder of Websecurify and frontman of the GNUCITIZEN Information Security Think Tank. pdp is a recognized information security researcher, security tools developer, penetration tester, frequent speaker at industry events, and published author who has contributed to several best-selling books in the field of information security.
