Bruteforce CSRF login tool | PythonProject

A cool new tool I made in Python to brute-force anti-CSRF-token-protected login pages.
Could be useful in some machines here :wink:

https://github.com/J3wker/CSRFbruteforce

Give Respect if you liked it or message me for improvements :slight_smile:

J3wker Hello!
Thanks for the python script!
Appreciate it!

I used it to crack the login credentials of the c******n login page and your script actually found the password but when I tried to login, there’s just a page that has appeared, and it said “Forbidden” “you don’t have permission to access”
Do you know why?
Thanks!

J3wker, this is great! Thank you very much you have solved the issue that I have been having for a couple days. It found the password after a few seconds.

@Orka123 Nothing wrong with the script, the machine/login you are talking about has user/passwords that “work” as login but aren’t valid for anything

No problem guys! Much appreciated!
Script was improved even more - now it’s generic to any login page that uses Anti-CSRF Tokens!
I will make it into a BruteForce Framework I think and add offline hashing and more features soon!

Follow my GitHub!

thanks for the script

Added Threading for extra speed and a better Token Grabber

Hi, J3wker! I don’t know why but your script always tells me that something went wrong. It says check wordlist path or request timed out. I checked my wordlist path and it’s the right one. The request did not time out, I checked it, and it was alright.
Why is this happening?

Contact me via PM and I will help you

Just tried this tool.
It works just great!!!
Thanks!

Great tool! Thank you!

@LabMaster said:

J3wker Hello!
Thanks for the python script!
Appreciate it!

I used it to crack the login credentials of the c******n login page and your script actually found the password but when I tried to login, there’s just a page that has appeared, and it said “Forbidden” “you don’t have permission to access”
Do you know why?
Thanks!

That’s because the credential found was not right. When you include a ‘white space’ or a special character like “#@%” … the login page redirects you to a Forbidden page. That’s not because you found the password.

Guys, can somebody please tell me why this script always tells me [-] Something went wrong - check wordlist path OR request timed out. I actually don’t get it. I checked the wordlist path and the request did not time out. Why is this happening?
Thanks
It doesn’t even let me run it normally with: python3 brutecsrf.py
Why?