XSRFProbe Versions Save

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

v2.3.1

4 years ago

This release includes critical bug fixes for:

  • Line ending formatting bug when installing via pypi/pip.
  • Cookies and headers which were not being added to all requests.
  • CA verification switch which did not exclusively apply to all requests.
  • Other regular optimisation features.

Special thanks to @Freedzone.

v2.2.0

4 years ago

Here are some highlights about this release:

  • Precise fine tuning of various parameters and test conditions for detecting CSRF.
  • Proper cookie handling feature for parsed requests and custom requests.
  • Add full support of the --display switch to display both request as well as response headers.
  • A new switch --no-verify added to this release, so as to allow connection to web application with self signed CAs.

v2.1.1

4 years ago

This release includes:

  • Fixes improper cookie handling feature.
  • Other changes for Pypi.

This is a minor post-release.

v2.1.0

4 years ago

Some significant changes in this version:

  • XSRFProbe now available as a package (aka can be installed via pip).
  • Added full support of cookies while making requests.
  • Fixed form-type bugs and added email type checks.
  • Tweaked some modules for more accuracy in CSRF detections.
  • Major bug fixes removing support for deprecated libraries.
  • Huge code optimizations (cleaning and stuff).

v2.0.0

5 years ago

A HUGE update to XSRFProbe. Now its both a audit as well as an exploitation toolkit.

Noteworthy Facts:

  • XSRFProbe is the only toolkit all over GitHub on CSRF.
  • More new modules added for efficient and systematic CSRF detection.
  • Efficient request crafting and token tampering modules added.
  • XSRFProbe now can generate PoCs for vulnerabilities found.
  • This is a full complete stable release.
  • XSRFProbe has more improvised automated workflow.

v2.0-beta.0

5 years ago

A HUGE update to version 2. This is a pre-release, stable release is yet to come.

Changelog:

  • Almost 100% code refactor.
  • Many new modules added for efficient CSRF vulnerabilities detection.
  • XSRFProbe got a new highly generalised, automated workflow.
  • Well documented code infrastructure. (Try going through source)
  • This release features improvised crawling engine with efficient form parsers.

v1.1

5 years ago

A release featuring build supporting Python v3.

Changelog:

  • A new build with absolute engine support for Python v3.
  • Removed Python 2 version support.
  • Minor bug fixes and stuff.