CSRFT, A Toolkit for CSRF Vulnerabilities

BSides London · 2014 · 33:04 · 773 views · Published 2014-05
About this talk
Cross Site Request Forgery vulnerabilities are a growing danger, and yet there are virtually no tools allowing for easy and fast proof of concept prototyping. Therefore, my talk is dedicated to a tool that I'm currently developing to create a generic platform for CSRF vulnerability works. The project has been developed with Python and js/NodeJS, and configuration files are in JSON format. I'll also present an HTTP proxy I developed that you can combine with the toolkit to inject a malicious iframe into each page the user is browsing. Moreover, most people think that those vulnerabilities are not relevant if the user is not logged into the vulnerable platform. However, I'll explain how, with my custom toolkit, you can take advantage of those vulnerabilities even if the user is not (yet) connected to the platform. During the talk, I'll present the tool and its purpose, give several demos on how to use it, and show its real strengths, such as performing complex CSRF exploitation techniques using custom scenarios designed for the conference.