Tuesday, April 13, 2010

Pinata - A CSRF POC HTML Generation tool

Pinata is a Python Script that will generate Proof of Concept CSRF HTML from HTTP request

- The tool will generate proof of concept CSRF HTML given an HTTP request. It will automatically check whether it is a GET or a POST request and with further validation for standard POST and Multipart/form POST.
- The tool will then create an HTML corresponding to the type of the request.
- The GET CSRF HTML includes IMG tag with SRC set to the URL being tested.
- The POST CSRF HTML is created with auto submit java script form with names and values from the HTTP request.

Download: http://code.google.com/p/pinata-csrf-tool

1 comment:

Michael Coates said...

Nice. I've tried a similar tool in the past - OWASP's CSRF Tester. Have you looked at that? If so, how do the two tools differ?

-Michael