Bruteforce CSRF login tool | PythonProject

edited September 19 in Tools

A cool new tool i made in python to Brute Force anti-CSRF-Tokens protected login pages.
Could be useful in some machines here ;)

https://github.com/J3wker/CSRFbruteforce

Give Respect if you liked it or messages me for improvements :)

Comments

  • edited September 18

    J3wker Hello!
    Thanks for the python script!
    Appreciate it!

    I used it to crack the login credentials of the c******n login page and your script actually found the password but when I tried to login, there's just a page that has appeared, and it said "Forbidden" "you don't have permission to access"
    Do you why?
    Thanks!

  • J3wker, this is great! Thank you very much you have solved the issue that I have been having for a couple days. It found the password after a few seconds.

  • @Orka123 Nothing wrong with the script, the machine/login you are talking about has user/passwords that "work" as login but arent valid for anything

  • edited September 19

    No problem guys ! much appreciated !
    Script was improved even more - now its generic to any login pages that uses Anti-CSRF Tokens !
    I will make it into a BruteForce Framework i think and add offline hashing and more features soon !

    Follow my github!

  • thanks for the script

  • Added Threading for extra speed and a better Token Grabber
  • Hi! j3wker ! I don't why but your script always tell me that something went wrong. It says check wordlist path or request timed out. I checked my wordlist path and its the right one. The request didn't not time out , I checked it, and it was alright.
    Wny is this happening?

  • Contact me via PM and i will help you

  • Just tried this tool.
    It's works just great !!!
    Thanks!

  • Great tool! Thank you!

  • Type your comment> @LabMaster said:

    J3wker Hello!
    Thanks for the python script!
    Appreciate it!

    I used it to crack the login credentials of the c******n login page and your script actually found the password but when I tried to login, there's just a page that has appeared, and it said "Forbidden" "you don't have permission to access"
    Do you why?
    Thanks!

    That's because the credential found was not right. When you include a 'white space' or a special character like "#@%" .. the login page redirect you to Forbidden page. That's not because you found the password.

Sign In to comment.