Category: Web Application Analysis
Tags: csrf, xsrf, vulnerability, audit, exploitation, websecurity

XSRFProbe

XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) audit and exploitation toolkit. It detects CSRF vulnerabilities, related bypasses, and generates exploitable proof-of-concepts.

Description

XSRFProbe is a powerful toolkit designed for auditing and exploiting Cross Site Request Forgery (CSRF/XSRF) vulnerabilities in web applications. Equipped with a robust crawling engine and systematic checks, it identifies most CSRF vulnerabilities along with their bypass techniques.

The tool is particularly useful for security researchers and penetration testers conducting web application security assessments. It automates the detection process and provides actionable proof-of-concept exploits for discovered vulnerabilities, making it easier to validate and demonstrate CSRF issues to developers.

Key use cases include comprehensive web vulnerability scanning, CSRF bypass testing, and generating malicious PoCs for red team exercises and bug bounty programs.

How It Works

XSRFProbe operates with a powerful crawling engine that systematically explores web applications starting from a main URL. It performs numerous checks to detect CSRF vulnerabilities by analyzing request/response patterns, token validation, and bypass opportunities. The toolkit generates exploitable proof-of-concept payloads for each identified vulnerability, leveraging techniques like cookie handling and request manipulation.
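As an added illustration (not code from XSRFProbe or the Kali page), the kind of systematic per-form check a CSRF audit performs, written in Python: parse the forms on a fetched page and flag state-changing (non-GET) forms that carry no hidden anti-CSRF token, or only an empty or short one. The token field-name heuristic and the sample HTML are this example's own assumptions.

```python
import re
from html.parser import HTMLParser

# Heuristic list of field names used for anti-CSRF tokens (an assumption of this
# example, not XSRFProbe's own detection rules).
TOKEN_NAME_RE = re.compile(r"(csrf|xsrf|_token|authenticity_token|nonce)", re.I)

class FormCollector(HTMLParser):
    """Collect every <form> with its method, action and hidden input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(), "hidden": []}
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "hidden":
                self._current["hidden"].append((a.get("name") or "", a.get("value") or ""))
    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None

def audit_forms(html):
    """One finding per non-GET form: 'unprotected' if no hidden field looks like
    a token, 'weak' if every token value is short or empty, else 'token present'."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if form["method"] == "get":
            continue  # GET forms are not the state-changing sinks being audited
        tokens = [(n, v) for n, v in form["hidden"] if TOKEN_NAME_RE.search(n)]
        if not tokens:
            status = "unprotected: no anti-CSRF token field"
        elif all(len(v) < 16 for _, v in tokens):
            status = "weak: token field present but value is short or empty"
        else:
            status = "token present"
        findings.append({"action": form["action"], "method": form["method"], "status": status})
    return findings

# Constructed sample page (not from any real site): a GET search form, a
# token-protected POST form and an unprotected POST form.
SAMPLE_HTML = """
<form action="/search" method="get"><input name="q"></form>
<form action="/account/email" method="post">
  <input type="hidden" name="csrf_token" value="9f3a7c1e2b4d6a8e0c5f1b3d7e9a2c4f">
  <input name="email"></form>
<form action="/account/delete" method="POST"><input type="submit" value="Delete"></form>
"""
```

Running `audit_forms(SAMPLE_HTML)` reports the `/account/email` form as protected and the `/account/delete` form as unprotected; a real audit would follow this static check by resubmitting the protected form without its token to confirm the server actually rejects it.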

Installation

sudo apt install xsrfprobe

Flags

-u, --url      Main URL to test
-c, --cookie   Cookie value to be sent with each successive request. If there are multiple cookies, separate them with commas. For example: -c PHPSESSID=i837c5n83u4, _gid=jdhfbuysf
-o, --output   Output directory where files are to be stored. Default is the output/ folder, where all generated files will be stored
-d, --delay    Time delay between requests in seconds. Default is

Examples

Display help information and usage for XSRFProbe
xsrfprobe -h
Test the main URL https://example.com for CSRF vulnerabilities
xsrfprobe -u https://example.com
Test URL with specified session cookie for authenticated CSRF scanning
xsrfprobe -u https://example.com -c PHPSESSID=i837c5n83u4
Test URL with multiple cookies separated by commas
xsrfprobe -u https://example.com -c PHPSESSID=i837c5n83u4,_gid=jdhfbuysf
Test URL and store results in custom output directory
xsrfprobe -u https://example.com -o /custom/output
Test URL with 2-second delay between requests
xsrfprobe -u https://example.com -d 2
Comprehensive scan with a session cookie and a custom output directory
xsrfprobe -u https://example.com -c PHPSESSID=test -o results/
Updated 2026-04-16, kali.org