This is a lightweight app that allows you to mimic CSRF attacks to check your own web applications for vulnerabilities. Simply set up your request configuration in a config.json file, and when you visit the app in your browser you can choose to execute those requests at will. The app runs on the default Sinatra port (4567).
NOTE: Obviously, this tool should only be used on applications you own or are explicitly allowed to test. Anything else would be illegal, and I accept absolutely no responsibility for your use of this application.
If you don't have bundler, install with your favorite package manager, e.g.: brew install bundler
Clone repo: git clone https://github.com/rufusraghunath/csrfun.git
Inside repo: bundle install
Change the config.json file to whatever you want. You can put as many URLs as you want, and register multiple HTTP/HTTPS requests per URL.
From the repo root: ruby csrfun_app.rb
In the browser, visit localhost:4567.
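What the tool is probing for is the absence of a server-side CSRF check on state-changing endpoints. The following is an added illustration, not csrfun's own code, of the kind of check such a test should be unable to get past: a state-changing request is accepted only if it carries a token bound to the session (compared in constant time) and its Origin/Referer header matches the application's own origin. The application origin http://localhost:3000, the parameter name csrf_token and the header name X-CSRF-Token are assumptions chosen for the example; the cross-site origin http://localhost:4567 is the port this tool runs on.

```ruby
require 'securerandom'
require 'uri'

# Constructed example (not csrfun code): the server-side check a CSRF test
# like this one is meant to exercise.
SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

# Bind a random token to the session the first time it is needed.
def issue_csrf_token(session)
  session[:csrf_token] ||= SecureRandom.hex(32)
end

# Constant-time string comparison so token checks do not leak timing.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# True only if Origin (or, failing that, Referer) names our own origin.
# A missing header or an opaque "null" origin is treated as foreign.
def same_origin?(headers, app_origin)
  source = headers['Origin'] || headers['Referer']
  return false if source.nil? || source.empty?
  src = URI.parse(source)
  app = URI.parse(app_origin)
  src.scheme == app.scheme && src.host == app.host && src.port == app.port
rescue URI::InvalidURIError
  false
end

# Decide whether a request may reach a state-changing handler.
# Returns :allowed, :rejected_bad_token or :rejected_bad_origin.
def csrf_check(method:, headers:, params:, session:, app_origin:)
  return :allowed if SAFE_METHODS.include?(method.upcase)
  expected  = session[:csrf_token]
  submitted = params['csrf_token'] || headers['X-CSRF-Token']
  return :rejected_bad_token unless expected && secure_equal?(expected, submitted)
  return :rejected_bad_origin unless same_origin?(headers, app_origin)
  :allowed
end

if __FILE__ == $PROGRAM_NAME
  app_origin = 'http://localhost:3000' # assumed origin of the app under test
  session = {}
  token = issue_csrf_token(session)

  # Constructed requests: one from the app's own form, one fired cross-site
  # from a tool running on the Sinatra default port.
  legit = { 'Origin' => app_origin }
  cross = { 'Origin' => 'http://localhost:4567' }

  puts csrf_check(method: 'POST', headers: legit, params: { 'csrf_token' => token },
                  session: session, app_origin: app_origin)
  puts csrf_check(method: 'POST', headers: cross, params: {},
                  session: session, app_origin: app_origin)
  puts csrf_check(method: 'POST', headers: cross, params: { 'csrf_token' => token },
                  session: session, app_origin: app_origin)
end
```

Both checks are kept because they fail independently: the origin check catches a forged request even if a token leaks, and the token check catches a forged request from a client that sends no Origin header at all.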