Page 115 - Hands-On Bug Hunting for Penetration Testers
CSRF and Insecure Session Authentication Chapter 6
Let's do it. With just a little Python, we can make a short script that painlessly formats our
info into a CSRF PoC.
Let's start by defining the data we'll need to build the PoC. We'll start defining those
variables right after we set up our interpreter in our new csrf_poc_generator.py file:
    #!/usr/bin/env python

    method = 'POST'
    encoding_type = 'application/x-www-form-urlencoded'
    action = 'http://webscantest.com/crosstraining/aboutyou.php'
    fields = [
        {
            'type': 'text',
            'name': 'fname',
            'label': 'fname'
        },
        {
            'type': 'text',
            'name': 'lname',
            'label': 'lname'
        },
        {
            'type': 'text',
            'name': 'nick',
            'label': 'nick'
        }
    ]
This structure (strings for the basic form tag attributes and a fields list of dictionaries
with all the information we need to build the different form fields) is simple enough as a
starting point, while also allowing some basic capabilities: specifically, the ability to add
an arbitrary number of form fields and to add new attributes to make new form objects.
Now we just need some logic to take this data and create the necessary HTML markup.
Thankfully, the HTML parser we used in the chapter Preparing for an Engagement to extract
the JavaScript from a page we were crawling for vulnerabilities, Beautiful Soup, can also
be used to create markup.
For example, here's the code creating our outermost html tag that will wrap our form:

    from bs4 import BeautifulSoup, Tag

    content = BeautifulSoup("<html></html>", "html.parser")
    print(content.prettify())
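The data-to-markup step described above, carried through for the whole fields list. This is an added example, not code from the book: it uses the standard library's xml.etree.ElementTree in place of Beautiful Soup so that it runs without third-party packages, and the function names build_form and render are hypothetical.

```python
import xml.etree.ElementTree as ET

# Values taken from the page's data definition.
method = "POST"
encoding_type = "application/x-www-form-urlencoded"
action = "http://webscantest.com/crosstraining/aboutyou.php"
fields = [
    {"type": "text", "name": "fname", "label": "fname"},
    {"type": "text", "name": "lname", "label": "lname"},
    {"type": "text", "name": "nick", "label": "nick"},
]


def build_form(action, method, encoding_type, fields):
    """Return an <html> element wrapping one form built from the field dicts."""
    html = ET.Element("html")
    body = ET.SubElement(html, "body")
    form = ET.SubElement(body, "form", {
        "action": action,
        "method": method,
        "enctype": encoding_type,
    })
    for field in fields:
        # 'label' is display text, not an HTML attribute, so split it off;
        # every other key in the dict becomes an attribute of the <input>.
        attrs = {k: str(v) for k, v in field.items() if k != "label"}
        parent = form
        if "label" in field:
            parent = ET.SubElement(form, "label")
            parent.text = str(field["label"])
        ET.SubElement(parent, "input", attrs)
    return html


def render(html):
    """Serialize as HTML: void tags stay unclosed, attribute values are escaped."""
    return ET.tostring(html, encoding="unicode", method="html")


if __name__ == "__main__":
    print(render(build_form(action, method, encoding_type, fields)))
```

Because the markup is built as a tree rather than by string concatenation, a field value containing quotes or ampersands is escaped on output and cannot break the generated form.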

