LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite.

When I started developing LazyCSRF, I mistakenly thought that the CSRF PoC generator built into Burp Professional could not generate PoC using XHR and did not support PUT requests, etc. I am still dissatisfied with the Burp built-in CSRF PoC generator, but I think it is sufficient for needs now. I'm going to finish the maintenance now because I have other attractive themes. I'll do maintenance again when I have some free time.

Burp Suite is an intercepting HTTP proxy, and it is the de facto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, the function that automatically determines the content of the request is broken: it will try to generate a PoC using a form even for requests that cannot be represented by a form, such as those using JSON for parameters or PUT requests. In addition, multibyte characters that can be displayed in Burp Suite itself are often garbled in the generated CSRF PoC. These were the motivations for creating LazyCSRF.

Features:
- Generating a CSRF PoC with Burp Suite Community Edition (of course, it also works in Professional Edition)
- Automatically switching to a PoC using XMLHttpRequest in case the request is a PUT/PATCH/DELETE
- Support for displaying multibyte characters (like Japanese)

Difference in display of multibyte characters: LazyCSRF can generate a PoC for CSRF without garbling multibyte characters. The following image shows the difference in the display of multibyte characters between Burp's CSRF PoC generator and LazyCSRF. This only holds if the characters are not already garbled in Burp Suite itself.

Install: In Burp Suite, go to the Extensions tab in the Extender tab, and add a new extension. Select the extension type Java, and specify the location of the JAR. If you use IntelliJ IDEA, you can build the JAR by following Build -> Build Artifacts -> LazyCSRF:jar -> Build.

Usage: You can generate a CSRF PoC by selecting Extensions -> LazyCSRF -> Generate CSRF PoC By LazyCSRF from the menu that opens by right-clicking in Burp Suite.
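As an added example (not LazyCSRF's or Burp's own code), the two decisions described above in Python: whether a captured request could be reproduced by a plain HTML form at all (the form-vs-XMLHttpRequest switch, which is also what a defender wants to know when judging which endpoints a cross-site form can reach without a CORS preflight), and decoding the body as UTF-8 so that Japanese values survive instead of turning into mojibake. The sample requests and the host `example.test` are constructed for the demonstration.

```python
import json
from urllib.parse import parse_qsl

# Forms can only submit GET/POST with these encodings; anything else needs script.
FORM_METHODS = {"GET", "POST"}
FORM_CONTENT_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}

# Constructed sample requests (hypothetical host), as bytes, which is how Burp hands
# a request to an extension. Values are Japanese to exercise multibyte handling.
SAMPLE_FORM_POST = (
    b"POST /profile HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    + "name=山田&city=東京".encode("utf-8")
)
SAMPLE_JSON_PUT = (
    b"PUT /api/profile HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Type: application/json\r\n\r\n"
    + json.dumps({"name": "山田"}, ensure_ascii=False).encode("utf-8")
)

def parse_request(raw: bytes):
    """Split a raw HTTP request into (method, path, headers, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), path, headers, body

def classify(raw: bytes) -> str:
    """'form' if a plain HTML form could reproduce the request, otherwise 'xhr'."""
    method, _, headers, body = parse_request(raw)
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if method not in FORM_METHODS:
        return "xhr"  # PUT/PATCH/DELETE cannot be sent by a form
    if body and media_type not in FORM_CONTENT_TYPES:
        return "xhr"  # e.g. an application/json body needs script
    return "form"

def decode_body(raw: bytes, encoding: str = "utf-8") -> str:
    """Decode the body bytes. UTF-8 keeps 山田 intact; a single-byte charset
    (the garbling the page describes) turns the same bytes into mojibake."""
    return parse_request(raw)[3].decode(encoding, errors="replace")

def form_params(raw: bytes):
    """Decoded name/value pairs of a form-encoded body, multibyte values preserved."""
    return parse_qsl(decode_body(raw), keep_blank_values=True)
```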