
xsrfprobe's People

Contributors

0xinfection, iduronto


xsrfprobe's Issues

No console output after running in Windows 10 cmd window.

Describe the bug

No console output after running in Windows 10 x64 2004 cmd window with Python 3.7.8.

Command You Used

pip3 install xsrfprobe
C:\Python37\python C:\Python37\Lib\site-packages\xsrfprobe\xsrfprobe.py --help
py -3 xsrfprobe.py --help
python xsrfprobe.py --help
python3 xsrfprobe.py --help

cmd-2020-08-30-17-40-04

Full Stack Trace Error

None

Potential cause or fix

Googling suggests setting Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles to 0, 1 or deleting the key, but this doesn't help.

Environment:

  • OS: Windows 10 x64 2004
  • Python version: 3.7.8

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

[Something else you want the author to know?]

[Enhancement] Add support for check of one endpoint only

Hi again,

Thank you again for your awesome work. However, it is a bit crappy for XSRFProbe to scan the whole website and crawl and submit tokens/forms and other stuff. But it would be good if we could supply a URL and make XSRFProbe test the endpoint exclusively for CSRF vulnerabilities.

Crashes after pip install

Describe the bug

pip install went right, after that I got the following error:
[!] Testing site www.google.nl status...
[+] Site seems to be up!
[-] Exception Caught: list index out of range

Command You Used

xsrfprobe -u https://www.google.nl (and some variations)

Full Stack Trace Error

[Add screenshots or paste terminal output trace error to help explain your problem.

Potential cause or fix

[Do you know what could be causing the problem or how to fix it?]

Environment:

  • OS: kali linux
  • Python version: 3.10.9

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

[Bug] => UnicodeEncodeError: 'charmap' codec can't encode character '\uff3c'

Describe the bug

This is a UnicodeEncodeError bug caused by improper usage of Unicode and ASCII characters.

Command You Used

$ python3 xsrfprobe.py -u http://xxxxxxx.xxx/csrf/

Full Stack Trace Error

     _____       _____       _____      _____       _____
  __|__   |_  __|___  |_  __|___  |_  _|____ |_   _|____ |_  _____   _____  ______  ______
 \  `  /    ||   ___|   ||  _  _|   ||   ___|  | |   _  |  ||  _ ,' /     \|  _   )|   ___|
  >   <     | `-.`-.    ||     \    ||   ___|  | |    __|  ||     \ |  -  || |_  { |   ___|
Traceback (most recent call last):
  File "xsrfprobe.py", line 13, in <module>
    main.Engine()  # start the Scanner Engine ;)
  File "C:\Users\user\Videos\Captures\xsrfprobe\core\main.py", line 68, in Engine
    banner()  # Print the banner
  File "C:\Users\user\Videos\Captures\xsrfprobe\core\banner.py", line 29, in banner
    print(color.RED+' /__/__\   '+color.ORANGE+'_|'+color.RED+'|______|  '+color.ORANGE+'_|'+color.RED+'|__|\__\ '+color.ORANGE+' _|'+color.RED+'|___|   '+color.ORANGE+' _|'+color.RED+' |___|   '+color.ORANGE+' _|'+color.RED+'|__|\__\\uff3c____/|______)|______| ')
  File "C:\Python37\lib\encodings\cp1252.py", line 19, in encode
    return codecs.charmap_encode(input,self.errors,encoding_table)[0]
UnicodeEncodeError: 'charmap' codec can't encode character '\uff3c' in position 68: character maps to <undefined>

Potential cause or fix

Use only ASCII characters. I'll help you out with a PR.

Environment:

  • OS: Windows 10
  • Python version: v3.7

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

[Something else you want the author to know?]

--exclude command doesn't work

Describe the bug

When using the --exclude command, the tool breaks.

Command You Used

xsrfprobe -u "http://192.168.1.1/cgi-bin/luci/admin/status" --cookie "sysauth=a0ab02bc860607be5aa506752c1aaf05" --crawl -d 10 -t 10 -E logout/

Full Stack Trace Error

Traceback (most recent call last):
File "/usr/local/bin/xsrfprobe", line 4, in <module>
__import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 667, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1470, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/xsrfprobe.py", line 13, in startEngine
File "", line 991, in _find_and_load
File "", line 975, in _find_and_load_unlocked
File "", line 655, in _load_unlocked
File "", line 618, in _load_backward_compatible
File "", line 259, in load_module
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/main.py", line 34, in <module>
File "", line 991, in _find_and_load
File "", line 975, in _find_and_load_unlocked
File "", line 655, in _load_unlocked
File "", line 618, in _load_backward_compatible
File "", line 259, in load_module
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/options.py", line 148, in <module>
AttributeError: 'list' object has no attribute 'strip'

Potential cause or fix

[Do you know what could be causing the problem or how to fix it?]

Environment:

  • OS: [Ubuntu 20.04.1 LTS]
  • Python version: [e.g. v3.8.5]

Some Questions

  • I am using the latest version of XSRFProbe. Yes: v2.3.1
  • I installed the dependencies using pip3 instead of pip. yes
  • I have read the documentation before submitting this issue. yes
  • I have checked the other issues to see if someone reported this before. yes

Other stuff

[Something else you want the author to know?]

[N/A] => Tested

Tested in websites with 100% CSRF vuln.
Can you please provide website where it gives positive result?

[Bug] => No cookie return type exception

Describe the bug

When a site does not set cookies, XSRFProbe stops execution because the missing cookies return NoneType, thus causing a raw unhandled exception out of the blue.

Command You Used

python3 xsrfprobe.py -u http://hack-yourself-first.com/Account/changePassword

Full Stack Trace Error

Traceback (most recent call last):
  File "xsrfprobe.py", line 15, in <module>
    main.Engine()  # start the Scanner Engine ;)
  File "C:\Users\user\Videos\xsrfprobe\xsrfprobe\core\main.py", line 143, in Engine
    Cookie(url, r1)
  File "C:\Users\user\Videos\xsrfprobe\xsrfprobe\modules\Cookie.py", line 33, in Cookie
    Persistence(url, request)
  File "C:\Users\user\Videos\xsrfprobe\xsrfprobe\modules\Persistence.py", line 122, in Persistence
    VulnLogger(url, 'Persistent Session Cookies Found.', '[i] Cookie: '+req.headers.get('Set-Cookie'))
TypeError: can only concatenate str (not "NoneType") to str

Potential cause or fix

Maybe handling the error properly?

Environment:

  • OS: Kali Rolling 2018.3
  • Python version: v3.7

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

[Something else you want the author to know?]

[Bug] => Error when using IP address

Describe the bug

The bug concerned here is that when using an IP address instead of a domain, the program won't start and would bug out with the error tld.exceptions.TldDomainNotFound.

Command You Used

python3 xsrfprobe.py -u http://192.168.43.182/dvwa/vulnerabilities/csrf -c "PHPSESSID=dece0c0"

Full Stack Trace Error

Traceback (most recent call last):
  File "xsrfprobe.py", line 12, in <module>
    from core import main  # import stuff
  File "C:\Users\user\Videos\xsrfprobe\core\main.py", line 33, in <module>
    from core.options import *
  File "C:\Users\user\Videos\xsrfprobe\core\options.py", line 162, in <module>
    os.makedirs('output/'+tld.get_fld(config.SITE_URL))
  File "C:\Python37\lib\site-packages\tld\utils.py", line 387, in get_fld
    search_private=search_private
  File "C:\Python37\lib\site-packages\tld\utils.py", line 339, in process_url
    raise TldDomainNotFound(domain_name=domain_name)
tld.exceptions.TldDomainNotFound: Domain 192.168.43.182 didn't match any existing TLD name!

Potential cause or fix

Catching the exception and handling the error as an IP address would resolve the issue.

Environment:

  • OS: Kali Rolling 2018.3
  • Python version: v3.7

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

[Something else you want the author to know?]

Import Issue in startEngine

Traceback (most recent call last):
File "/home/Username/.local/bin/xsrfprobe", line 15, in <module>
xsrfprobe.startEngine()
File "/home/Username/.local/lib/python2.7/site-packages/xsrfprobe/xsrfprobe.py", line 13, in startEngine
from xsrfprobe.core import main # import stuff
ImportError: No module named core

Please Help in solving this issue

[Bug] => Execution Breaking due to Unhandled Exception.

Describe the bug

Connection Aborted/ Connection Refused.

Command You Used

It can be reproduced by any command when site is un-responsive.

Full Stack Trace Error

 [!] Testing site example.com status...
 [+] Site seems to be up!
 [!] Testing  endpoint status...
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 171, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw)
  File "/usr/local/lib/python3.6/dist-packages/urllib3/util/connection.py", line 79, in create_connection
    raise err
  File "/usr/local/lib/python3.6/dist-packages/urllib3/util/connection.py", line 69, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 354, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python3.6/http/client.py", line 1239, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1285, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1234, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/usr/lib/python3.6/http/client.py", line 964, in send
    self.connect()
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 196, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 180, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f6ed533f6d8>: Failed to establish a new connection: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python3.6/dist-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f6ed533f6d8>: Failed to establish a new connection: [Errno 111] Connection refused',))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/PenTest/Audit/XSRFProbe/core/inputin.py", line 40, in inputin
    requests.get(web)
  File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='example.com', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f6ed533f6d8>: Failed to establish a new connection: [Errno 111] Connection refused',))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "xsrfprobe.py", line 13, in <module>
    main.Engine()  # start the Scanner Engine ;)
  File "/root/PenTest/Audit/XSRFProbe/core/main.py", line 70, in Engine
    web, fld = inputin()  # Take the input
  File "/root/PenTest/Audit/XSRFProbe/core/inputin.py", line 52, in inputin
    verbout(R, 'Connection Aborted : '+main_url)
NameError: name 'main_url' is not defined

Potential cause or fix

PR #21 fixes it.

Environment:

  • OS: Kali Rolling
  • Python version: v3

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

The site is unresponsive; however, the bug should be handled properly, which it isn't. So this is a bug as pointed out by @sumgro in #17.

[Bug] => Crashed when reading Chinese

[+] Crawling :> http://www.xxxxx.xx.xxx.xx/xxx.pdf
Traceback (most recent call last):
  File "xsrfprobe.py", line 14, in <module>
    xsrf_main() # the true start of the program ;)
  File "/home/opabravo/sec/XSRFProbe/core/xsrf_main.py", line 57, in xsrf_main
    soup=crawler.process(web) # start the parser
  File "/home/opabravo/sec/XSRFProbe/modules/Crawler_Handler.py", line 53, in process
    query = self.opener.open(url) # open it
  File "/usr/lib/python3.5/urllib/request.py", line 466, in open
    response = self._open(req, data)
  File "/usr/lib/python3.5/urllib/request.py", line 484, in _open
    '_open', req)
  File "/usr/lib/python3.5/urllib/request.py", line 444, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.5/urllib/request.py", line 1282, in http_open
    return self.do_open(http.client.HTTPConnection, req)
  File "/usr/lib/python3.5/urllib/request.py", line 1254, in do_open
    h.request(req.get_method(), req.selector, req.data, headers)
  File "/usr/lib/python3.5/http/client.py", line 1107, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python3.5/http/client.py", line 1142, in _send_request
    self.putrequest(method, url, **skips)
  File "/usr/lib/python3.5/http/client.py", line 984, in putrequest
    self._output(request.encode('ascii'))
UnicodeEncodeError: 'ascii' codec can't encode characters in position 17-22: ordinal not in range(128)

[Bug] => Improper Cookie Handling

Describe the bug

Cookies not working properly due to wrong code implementation.

Command You Used

xsrfprobe -u host.com -c '_gh_sess=5416546f5g4df65g4df5g46df54gv56c465, a=abbb5656ba'

Full Stack Trace Error

[Add screenshots or paste terminal output trace error to help explain your problem.

Potential cause or fix

Fixing function in options.py#L114

Environment:

  • OS: Kali Rolling 2018.2
  • Python version: v3.7

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

[Something else you want the author to know?]

Cookies and headers not added to all requests

Describe the bug

There are a couple of requests in core/main.py (86:87) that are issued before parameter processing, so the provided cookies and headers are not applied to them, which can cause HTTPError exceptions (401 in my case).

Command You Used

xsrfprobe --no-verify -vv --malicious --cookie 'session=gGYCowmFLMcxL1dnloxmiVqN7qO5ILak' -u https://ac171f651e1e1a0e80c94df100620040.web-security-academy.net/email

Full Stack Trace Error

 [!] Testing site ac171f651e1e1a0e80c94df100620040.web-security-academy.net status...
 [+] Site seems to be up!
 [!] Testing email endpoint status...
 [+] Endpoint seems to be up!
Traceback (most recent call last):
  File "/usr/local/bin/xsrfprobe", line 4, in <module>
    __import__('pkg_resources').run_script('xsrfprobe==2.2.0', 'xsrfprobe')
  File "/usr/local/lib/python3.7/dist-packages/pkg_resources/__init__.py", line 666, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/local/lib/python3.7/dist-packages/pkg_resources/__init__.py", line 1469, in run_script
    exec(script_code, namespace, namespace)
  File "/usr/local/lib/python3.7/dist-packages/xsrfprobe-2.2.0-py3.7.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
  File "/usr/local/lib/python3.7/dist-packages/xsrfprobe-2.2.0-py3.7.egg/xsrfprobe/xsrfprobe.py", line 14, in startEngine
  File "/usr/local/lib/python3.7/dist-packages/xsrfprobe-2.2.0-py3.7.egg/xsrfprobe/core/main.py", line 90, in Engine
  File "/usr/lib/python3.7/urllib/request.py", line 531, in open
    response = meth(req, response)
  File "/usr/lib/python3.7/urllib/request.py", line 641, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python3.7/urllib/request.py", line 569, in error
    return self._call_chain(*args)
  File "/usr/lib/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.7/urllib/request.py", line 649, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 401: Unauthorized

Potential cause or fix

Add headers and cookies to first requests.

    # Cookie pairs inside one Cookie header are separated by '; ' (RFC 6265), not ','
    hdrs = [('Cookie', '; '.join(config.COOKIE_VALUE))]
    # Append the user-supplied headers
    hdrs.extend(config.HEADER_VALUES.items())
    resp1.addheaders = resp2.addheaders = hdrs
    resp1.open(init1)  # Makes request as User2
    resp2.open(init1)  # Make request as User1

Environment:

  • OS: [Kali Rolling 2019.4]
  • Python version: [v3.7.5]

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

UnboundLocalError: local variable 'web' referenced before assignment

Describe the bug

UnboundLocalError

Command You Used

xsrfprobe --malicious

Full Stack Trace Error

Traceback (most recent call last):
File "/usr/local/bin/xsrfprobe", line 15, in <module>
xsrfprobe.startEngine()
File "/usr/local/lib/python3.9/site-packages/xsrfprobe/xsrfprobe.py", line 14, in startEngine
main.Engine() # start the Scanner Engine ;)
File "/usr/local/lib/python3.9/site-packages/xsrfprobe/core/main.py", line 71, in Engine
web, fld = inputin() # Take the input
File "/usr/local/lib/python3.9/site-packages/xsrfprobe/core/inputin.py", line 30, in inputin
if 'http' not in web: # add protocol to site
UnboundLocalError: local variable 'web' referenced before assignment

Environment:

Darwin myyagis 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:07:06 PST 2021; root:xnu-7195.81.3~1/RELEASE_X86_64 x86_64

python 3.9.7

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

[Something else you want the author to know?]

local variable 'value' referenced before assignment

Describe the bug

While scanning a page, in the Origin-based request validation part, it encounters an error while crafting inputs as form type.

Command You Used

xsrfprobe -u http://192.168.1.1/cgi-bin/luci/admin/ -c "sysauth=2065fe79a5b0a8ff9712cec650edd834" --crawl -v -t 10 -d 10 -o AnotherTest

Full Stack Trace Error

image

in errored.log file
image

Environment:

  • OS: [Ubuntu 20.04.1 LTS]
  • Python version: [v3.8.5]

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

I have a problem

Is your feature request related to a problem? Please describe.

[A clear and concise description of what the problem is. Ex. I'm always frustrated when ...]

Describe the solution you'd like

[A clear and concise description of what you want to happen.]
File "/usr/local/bin/xsrfprobe", line 4, in <module>
__import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 667, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1471, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/xsrfprobe.py", line 14, in startEngine
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/main.py", line 96, in Engine
File "/usr/lib/python3.8/urllib/request.py", line 531, in open
response = meth(req, response)
File "/usr/lib/python3.8/urllib/request.py", line 640, in http_response
response = self.parent.error(
File "/usr/lib/python3.8/urllib/request.py", line 563, in error
result = self._call_chain(*args)
File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
result = func(*args)
File "/usr/lib/python3.8/urllib/request.py", line 755, in http_error_302
return self.parent.open(new, timeout=req.timeout)
File "/usr/lib/python3.8/urllib/request.py", line 531, in open
response = meth(req, response)
File "/usr/lib/python3.8/urllib/request.py", line 640, in http_response
response = self.parent.error(
File "/usr/lib/python3.8/urllib/request.py", line 569, in error
return self._call_chain(*args)
File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
result = func(*args)
File "/usr/lib/python3.8/urllib/request.py", line 649, in http_error_default
raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 429: Too Many Requests

de

Additional context

[Add any other context or screenshots about the feature request here.]

[Bug] => Improper Windows Output

Describe the bug

When the tool is run on Windows-based systems, the output printed on the terminal is uneven and improper, without any proper hashmarks.

Command You Used

No specific command. Reproducible with any command on Windows-based systems.

Terminal Output

Proceeding to test cookie persistence on POST Requests...
No persistent session cookies identified upon POST Requests!
 [+] Endpoint might be  NOT VULNERABLE  to CSRF attacks!
 [+] Detected :  No Persistent Cookies
Proceeding to test cookie persistence via User-Agent Alteration...
Setting custom generic headers...
Using User-Agent : Chrome on Windows 8.1
Value : Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Processing the GET Request...

Potential cause or fix

It can be easily solved by escaping the ANSI sequences with null. PR #23 fixes it. :)

Environment:

  • OS: Windows 10
  • Python version: v3.7

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

Neh.

SSLCertVerificationError, --no-verify option is not honored

Describe the bug

The --no-verify option is not checked when making requests in core/main.py and in core/inputin.py:

requests.get(web)

Command You Used

First, I proxied the terminal through the ZAP proxy

export https_proxy="http://localhost:8082"

Then run

xsrfprobe --no-verify -vv --malicious --cookie 'session=gGYCowmFLMcxL1dnloxmiVqN7qO5ILak' -u https://ac171f651e1e1a0e80c94df100620040.web-security-academy.net/email

Full Stack Trace Error

 Traceback (most recent call last):
  File "/usr/lib/python3.7/urllib/request.py", line 1317, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib/python3.7/http/client.py", line 1252, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.7/http/client.py", line 1298, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.7/http/client.py", line 1247, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.7/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/usr/lib/python3.7/http/client.py", line 966, in send
    self.connect()
  File "/usr/lib/python3.7/http/client.py", line 1422, in connect
    server_hostname=server_hostname)
  File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./start.py", line 15, in <module>
    xsrfprobe.startEngine()
  File "/home/nyzen/tools/XSRFProbe/xsrfprobe/xsrfprobe.py", line 14, in startEngine
    main.Engine()  # start the Scanner Engine ;)
  File "/home/nyzen/tools/XSRFProbe/xsrfprobe/core/main.py", line 98, in Engine
    resp2.open(init1)  # Make request as User1
  File "/usr/lib/python3.7/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/usr/lib/python3.7/urllib/request.py", line 543, in _open
    '_open', req)
  File "/usr/lib/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.7/urllib/request.py", line 1360, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib/python3.7/urllib/request.py", line 1319, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)>

Potential cause or fix

Inputin.py should be easy:

requests.get(web, verify=VERIFY_CERT)

main.py is more difficult. I did not come up with something short and graceful so far:

    Cookie0 = http.cookiejar.CookieJar()  # First as User1
    Cookie1 = http.cookiejar.CookieJar()  # Then as User2
    if not config.VERIFY_CERT:
        context=ssl._create_unverified_context()
        sslHandler = urllib.request.HTTPSHandler(context=context)
        resp1 = build_opener(HTTPCookieProcessor(Cookie0), sslHandler)
        resp2 = build_opener(HTTPCookieProcessor(Cookie1), sslHandler) 
        # resp1.add_handler(sslHandler)  -----> this won't work unfortunately, because there will be multiple HTTPSHandlers
        # resp2.add_handler(sslHandler)
    else:
        resp1 = build_opener(HTTPCookieProcessor(Cookie0))
        resp2 = build_opener(HTTPCookieProcessor(Cookie1)) 

Environment:

  • OS: [Kali Rolling 2019.4]
  • Python version: [v3.7.5]

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.
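
Added example, not part of the original issue and not XSRFProbe's own code: one way to make a verification switch reach every `urllib` opener while keeping exactly one `HTTPSHandler` per opener, which is the problem the reporter hit with `add_handler`. The helper names (`make_context`, `build_user_opener`, `https_handler_count`) and the `cafile` option are assumptions introduced for this sketch; `cafile` lets a tester trust an intercepting proxy's exported root certificate instead of switching verification off.

```python
import http.cookiejar
import ssl
import urllib.request


def make_context(verify=True, cafile=None):
    """Return the TLS context shared by all requests of one scan run.

    verify=True,  cafile=None -> system trust store (normal behaviour)
    verify=True,  cafile=path -> trust only the CA bundle at `path`, e.g. the
                                 root certificate exported from a local proxy
    verify=False              -> no certificate or hostname checks
    """
    if verify:
        return ssl.create_default_context(cafile=cafile)
    ctx = ssl.create_default_context()
    # check_hostname has to be cleared first; setting CERT_NONE while it is
    # still True raises ValueError.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def build_user_opener(ctx):
    """Build one opener per simulated user: own cookie jar, shared context.

    Passing an HTTPSHandler instance to build_opener() replaces the default
    HTTPSHandler, so the opener never ends up with two of them.
    """
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(jar),
        urllib.request.HTTPSHandler(context=ctx),
    )
    return opener, jar


def https_handler_count(opener):
    """Number of HTTPSHandler instances installed on an opener."""
    return sum(
        isinstance(h, urllib.request.HTTPSHandler) for h in opener.handlers
    )


if __name__ == "__main__":
    # Constructed usage: two users, verification disabled for a lab target.
    ctx = make_context(verify=False)
    user1, jar1 = build_user_opener(ctx)
    user2, jar2 = build_user_opener(ctx)
    print("HTTPS handlers per opener:",
          https_handler_count(user1), https_handler_count(user2))
    print("verify_mode:", ctx.verify_mode.name)
```

Because the context is built once and handed to every opener, the verified and unverified paths share the same construction code and differ only in the context they receive.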

Crash when self CA handling

Hi,

I'm trying to test my webapp in the dev environment (with a self signed certificate) and I get the following crash:

Traceback (most recent call last):
  File "/usr/lib/python3.6/urllib/request.py", line 1318, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib/python3.6/http/client.py", line 1254, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1300, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1249, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.6/http/client.py", line 1036, in _send_output
    self.send(msg)
  File "/usr/lib/python3.6/http/client.py", line 974, in send
    self.connect()
  File "/usr/lib/python3.6/http/client.py", line 1415, in connect
    server_hostname=server_hostname)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/xsrfprobe", line 4, in <module>
    __import__('pkg_resources').run_script('xsrfprobe==2.1.1', 'xsrfprobe')
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 658, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1445, in run_script
    exec(script_code, namespace, namespace)
  File "/usr/local/lib/python3.6/dist-packages/xsrfprobe-2.1.1-py3.6.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
  File "/usr/local/lib/python3.6/dist-packages/xsrfprobe-2.1.1-py3.6.egg/xsrfprobe/xsrfprobe.py", line 14, in startEngine
  File "/usr/local/lib/python3.6/dist-packages/xsrfprobe-2.1.1-py3.6.egg/xsrfprobe/core/main.py", line 86, in Engine
  File "/usr/lib/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.6/urllib/request.py", line 1361, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib/python3.6/urllib/request.py", line 1320, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)>

Thank you for your hard work.
Best wishes.
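A development server with a self-signed certificate fails verification because its issuer is not in the trust store, and the safer remedy is to trust that one CA file rather than switch verification off. The sketch below is an added example, not XSRFProbe's code: `make_tls_context`, `make_opener`, `open_or_explain` and the `cafile` argument are assumed names. It builds one opener holding both the cookie processor and a single HTTPS handler, and reports a verification failure instead of crashing.

```python
import ssl
from urllib.error import URLError
from urllib.request import HTTPCookieProcessor, HTTPSHandler, build_opener


def make_tls_context(cafile=None, insecure=False):
    """Return the SSLContext used for scanner requests.

    cafile   -- PEM file holding the development CA or the self-signed
                certificate (path supplied by the caller, assumed here)
    insecure -- explicit opt-out of verification for throwaway lab targets
    """
    # Verification and hostname checking are on by default. When cafile is
    # given, only that file is trusted; otherwise the system store is used.
    ctx = ssl.create_default_context(cafile=cafile)
    if insecure:
        # Order matters: check_hostname must be cleared before CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def make_opener(cookie_jar, ctx):
    """Build one opener with cookie handling and the given TLS context."""
    # Passing an HTTPSHandler instance makes build_opener skip its default
    # one, so the opener ends up with exactly one HTTPS handler.
    return build_opener(HTTPCookieProcessor(cookie_jar), HTTPSHandler(context=ctx))


def open_or_explain(opener, url, timeout=7):
    """Return (response, None) on success or (None, reason) on failure."""
    try:
        return opener.open(url, timeout=timeout), None
    except URLError as exc:
        reason = exc.reason
        if isinstance(reason, ssl.SSLCertVerificationError):
            detail = getattr(reason, "verify_message", None) or str(reason)
            return None, "certificate not trusted: " + detail
        return None, "request failed: %s" % (reason,)
```
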

[Bug] => Unhandled Timeout Exception

Describe the bug

There is a bug where the timeout exception is not being handled properly. An unresponsive site with default timeout 7s gives this error.

Command You Used

python3 xsrfprobe.py -u http://xxxxxxxxx.xx/csrf --display --malicious --max-chars 4

Full Stack Trace Error

Traceback (most recent call last):
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 384, in _make_request
    six.raise_from(e, None)
  File "<string>", line 2, in raise_from
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 380, in _make_request
    httplib_response = conn.getresponse()
  File "C:\Python37\lib\http\client.py", line 1321, in getresponse
    response.begin()
  File "C:\Python37\lib\http\client.py", line 296, in begin
    version, status, reason = self._read_status()
  File "C:\Python37\lib\http\client.py", line 257, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "C:\Python37\lib\socket.py", line 589, in readinto
    return self._sock.recv_into(b)
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Python37\lib\site-packages\requests\adapters.py", line 449, in send
    timeout=timeout
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "C:\Python37\lib\site-packages\urllib3\util\retry.py", line 367, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "C:\Python37\lib\site-packages\urllib3\packages\six.py", line 686, in reraise
    raise value
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 386, in _make_request
    self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 306, in _raise_timeout
    raise ReadTimeoutError(self, url, "Read timed out. (read timeout=%s)" % timeout_value)
urllib3.exceptions.ReadTimeoutError: HTTPConnectionPool(host='www.hemsheela.in', port=80): Read timed out. (read timeout=7)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\user\Videos\xsrfprobe\core\request.py", line 79, in Get
    req = requests.get(url, headers=headers, timeout=TIMEOUT_VALUE, stream=False)
  File "C:\Python37\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "C:\Python37\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Python37\lib\site-packages\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Python37\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\Python37\lib\site-packages\requests\adapters.py", line 529, in send
    raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPConnectionPool(host='www.hemsheela.in', port=80): Read timed out. (read timeout=7)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "xsrfprobe.py", line 13, in <module>
    main.Engine()  # start the Scanner Engine ;)
  File "C:\Users\user\Videos\xsrfprobe\core\main.py", line 192, in Engine
    soup = crawler.process(fld)  # Start the parser
  File "C:\Users\user\Videos\xsrfprobe\modules\Crawler.py", line 65, in process
    query = Get(url)  # Open it (to check if it exists)
  File "C:\Users\user\Videos\xsrfprobe\core\request.py", line 100, in Get
    ErrorLogger(main_url, e.__str__())
NameError: name 'main_url' is not defined

Potential cause or fix

Proper handling of the requests.exceptions.ReadTimeout along with proper naming of variable main_url will solve it.

Environment:

  • OS: Windows 10
  • Python version: v3.7

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

I'll make a PR for this. :)
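The last NameError in this trace is raised by the error handler itself, which hides the ReadTimeout that triggered it. The following is an added example, not the project's code, and it uses urllib from the standard library rather than requests: a constructed local server that never replies reproduces the unresponsive site, and the handler refers only to names bound inside the function. `start_silent_server`, `is_timeout`, `get` and `demo` are assumed names.

```python
import socket
import threading
from urllib.request import ProxyHandler, build_opener

TIMEOUT_VALUE = 0.5  # seconds; the report above ran with a timeout of 7

# No proxies: the request must reach the local test server directly.
_opener = build_opener(ProxyHandler({}))


def start_silent_server():
    """Constructed test target: accepts TCP connections and never replies."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep accepted sockets open so the client blocks on read

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            held.append(conn)

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, held


def is_timeout(exc):
    """True for a read timeout or a connect timeout wrapped in URLError."""
    reason = getattr(exc, "reason", None)
    return isinstance(exc, socket.timeout) or isinstance(reason, socket.timeout)


def get(url, error_log, timeout=TIMEOUT_VALUE):
    """Return the response body, or None after recording why it failed."""
    try:
        with _opener.open(url, timeout=timeout) as resp:
            return resp.read()
    except OSError as exc:
        # URLError and socket.timeout are both OSError subclasses. Only url
        # and exc are used here, both bound in this function, so the handler
        # cannot raise a NameError and mask the original failure.
        kind = "timeout" if is_timeout(exc) else "error"
        error_log.append((url, kind, str(exc)))
        return None


def demo():
    """Request the silent server and return (body, error_log)."""
    srv, held = start_silent_server()
    url = "http://127.0.0.1:%d/csrf" % srv.getsockname()[1]
    log = []
    body = get(url, log)
    srv.close()
    for conn in held:
        conn.close()
    return body, log


if __name__ == "__main__":
    print(demo())
```
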

Wrong file format when installing with pip3

Describe the bug

Cannot start the tool after installing with pip3: /usr/bin/env: ‘python3\r’: No such file or directory. I installed pip through get-pip.py, not the repository.
For some reason /usr/local/bin/xsrfprobe is formatted as a Windows file.

Command You Used

xsrfprobe

Environment:

  • OS: [Kali Rolling 2019.4]
  • Python version: [v3.7.5]

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.
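The `python3\r` in that error is the carriage return of a CRLF line ending: the interpreter line is read up to the newline, so the CR becomes part of the program name handed to env. The following is an added example, not part of XSRFProbe or pip, that finds installed scripts with this defect and rewrites them with LF endings; the function names are assumptions.

```python
import os


def shebang_has_cr(data):
    """True if data starts with '#!' and its first line ends in CR."""
    if not data.startswith(b"#!"):
        return False
    first_line = data.split(b"\n", 1)[0]
    return first_line.endswith(b"\r")


def find_crlf_scripts(directory):
    """Return sorted paths of files in directory whose shebang ends in CR."""
    hits = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            head = fh.read(256)  # a shebang line is short; no need to read all
        if shebang_has_cr(head):
            hits.append(path)
    return hits


def fix_line_endings(path):
    """Rewrite path with LF endings, keeping its mode.

    Returns the number of CRLF pairs that were converted.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    converted = data.count(b"\r\n")
    if converted:
        mode = os.stat(path).st_mode
        tmp = path + ".lf"
        with open(tmp, "wb") as fh:
            fh.write(data.replace(b"\r\n", b"\n"))
        os.chmod(tmp, mode)      # keep the executable bit
        os.replace(tmp, path)    # swap in the fixed file in one step
    return converted
```
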

[Bug] => NameError: 'verbout' not defined

Traceback (most recent call last):
  File "/PEDRO/XSRFProbe/core/inputin.py", line 36, in inputin
    print(O+'Testing '+color.CYAN+web.split('//')[1].split('/', 1)[1]+color.END+' endpoint status...')
IndexError: list index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "xsrfprobe.py", line 13, in <module>
    main.Engine()  # start the Scanner Engine ;)
  File "/PEDRO/XSRFProbe/core/main.py", line 70, in Engine
    web, fld = inputin()  # Take the input
  File "/PEDRO/XSRFProbe/core/inputin.py", line 53, in inputin
    verbout(R, "Exception Caught: "+e.__str__())
NameError: name 'verbout' is not defined

I want only POST requests

I have to make a request to a site that only allows POST requests and your scanner takes me as an invalid website for testing.

message error DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html

I want to try XSRFProbe. I installed all dependencies, but something happened: XSRFProbe won't run. Error code: DeprecationWarning: pkg_resources is deprecated as an API
[A clear and concise description of what the bug is]

[The command you entered into the terminal when you faced this error]

####running install
/usr/local/lib/python3.11/dist-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!

    ********************************************************************************
    Please avoid running ``setup.py`` directly.
    Instead, use pypa/build, pypa/installer or other
    standards-based tools.

    See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
    ********************************************************************************

!!
self.initialize_options()
/usr/local/lib/python3.11/dist-packages/setuptools/_distutils/cmd.py:66: EasyInstallDeprecationWarning: easy_install command is deprecated.
!!

    ********************************************************************************
    Please avoid running ``setup.py`` and ``easy_install``.
    Instead, use pypa/build, pypa/installer or other
    standards-based tools.

    See https://github.com/pypa/setuptools/issues/917 for details.
    ********************************************************************************

!!
self.initialize_options()
running bdist_egg
running egg_info
creating xsrfprobe.egg-info
writing xsrfprobe.egg-info/PKG-INFO
writing dependency_links to xsrfprobe.egg-info/dependency_links.txt
writing requirements to xsrfprobe.egg-info/requires.txt
writing top-level names to xsrfprobe.egg-info/top_level.txt
writing manifest file 'xsrfprobe.egg-info/SOURCES.txt'
reading manifest file 'xsrfprobe.egg-info/SOURCES.txt'
adding license file 'LICENSE'
writing manifest file 'xsrfprobe.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build
creating build/lib
creating build/lib/xsrfprobe
copying xsrfprobe/__init__.py -> build/lib/xsrfprobe
copying xsrfprobe/xsrfprobe.py -> build/lib/xsrfprobe
creating build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Checkpost.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Generator.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Parser.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Encoding.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Analysis.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Tamper.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/__init__.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Cookie.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Crawler.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Origin.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Referer.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Persistence.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Token.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Debugger.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Entropy.py -> build/lib/xsrfprobe/modules
creating build/lib/xsrfprobe/core
copying xsrfprobe/core/updater.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/__init__.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/request.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/verbout.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/randua.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/inputin.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/logger.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/options.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/colors.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/forms.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/prettify.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/main.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/banner.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/utils.py -> build/lib/xsrfprobe/core
creating build/lib/xsrfprobe/files
copying xsrfprobe/files/discovered.py -> build/lib/xsrfprobe/files
copying xsrfprobe/files/config.py -> build/lib/xsrfprobe/files
copying xsrfprobe/files/__init__.py -> build/lib/xsrfprobe/files
copying xsrfprobe/files/paramlist.py -> build/lib/xsrfprobe/files
copying xsrfprobe/files/dcodelist.py -> build/lib/xsrfprobe/files
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/xsrfprobe
creating build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Checkpost.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Generator.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Parser.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Encoding.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Analysis.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Tamper.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/__init__.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Cookie.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Crawler.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Origin.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Referer.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Persistence.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Token.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Debugger.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Entropy.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/__init__.py -> build/bdist.linux-x86_64/egg/xsrfprobe
creating build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/updater.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/__init__.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/request.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/verbout.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/randua.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/inputin.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/logger.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/options.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/colors.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/forms.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/prettify.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/main.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/banner.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/utils.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
creating build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/discovered.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/config.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/__init__.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/paramlist.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/dcodelist.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/xsrfprobe.py -> build/bdist.linux-x86_64/egg/xsrfprobe
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Checkpost.py to Checkpost.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Generator.py to Generator.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Parser.py to Parser.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Encoding.py to Encoding.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Analysis.py to Analysis.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Tamper.py to Tamper.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/__init__.py to __init__.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Cookie.py to Cookie.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Crawler.py to Crawler.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Origin.py to Origin.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Referer.py to Referer.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Persistence.py to Persistence.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Token.py to Token.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Debugger.py to Debugger.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Entropy.py to Entropy.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/__init__.py to __init__.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/updater.py to updater.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/__init__.py to __init__.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/request.py to request.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/verbout.py to verbout.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/randua.py to randua.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/inputin.py to inputin.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/logger.py to logger.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/options.py to options.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/colors.py to colors.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/forms.py to forms.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/prettify.py to prettify.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/main.py to main.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/banner.py to banner.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/utils.py to utils.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/discovered.py to discovered.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/config.py to config.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/__init__.py to __init__.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/paramlist.py to paramlist.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/dcodelist.py to dcodelist.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/xsrfprobe.py to xsrfprobe.cpython-311.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
installing scripts to build/bdist.linux-x86_64/egg/EGG-INFO/scripts
running install_scripts
running build_scripts
creating build/scripts-3.11
copying and adjusting xsrfprobe/bin/xsrfprobe -> build/scripts-3.11
changing mode of build/scripts-3.11/xsrfprobe from 644 to 755
creating build/bdist.linux-x86_64/egg/EGG-INFO/scripts
copying build/scripts-3.11/xsrfprobe -> build/bdist.linux-x86_64/egg/EGG-INFO/scripts
changing mode of build/bdist.linux-x86_64/egg/EGG-INFO/scripts/xsrfprobe to 755
copying xsrfprobe.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying xsrfprobe.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying xsrfprobe.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying xsrfprobe.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying xsrfprobe.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating dist
creating 'dist/xsrfprobe-2.3.1-py3.11.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing xsrfprobe-2.3.1-py3.11.egg
Copying xsrfprobe-2.3.1-py3.11.egg to /usr/local/lib/python3.11/dist-packages
Adding xsrfprobe 2.3.1 to easy-install.pth file
Installing xsrfprobe script to /usr/local/bin

Installed /usr/local/lib/python3.11/dist-packages/xsrfprobe-2.3.1-py3.11.egg
Processing dependencies for xsrfprobe==2.3.1
Searching for yattag
Reading https://pypi.org/simple/yattag/
Downloading https://files.pythonhosted.org/packages/75/49/51045efa8c4e42831c80e0031ee4139450347e587e5cda0a731198ed6e36/yattag-1.15.2.tar.gz#sha256=aad9f540bd22dc503e5b5506cc47856facf081aa71fd35f727371b63e1e402bf
Best match: yattag 1.15.2
Processing yattag-1.15.2.tar.gz
Writing /tmp/easy_install-gxbu2wxy/yattag-1.15.2/setup.cfg
Running yattag-1.15.2/setup.py -q bdist_egg --dist-dir /tmp/easy_install-gxbu2wxy/yattag-1.15.2/egg-dist-tmp-nag2bd69
/usr/local/lib/python3.11/dist-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!

    ********************************************************************************
    Please avoid running ``setup.py`` directly.
    Instead, use pypa/build, pypa/installer or other
    standards-based tools.

    See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
    ********************************************************************************

!!
self.initialize_options()
zip_safe flag not set; analyzing archive contents...
Adding yattag 1.15.2 to easy-install.pth file
detected new path './xsrfprobe-2.3.1-py3.11.egg'

Installed /usr/local/lib/python3.11/dist-packages/yattag-1.15.2-py3.11.egg
Searching for stringdist
Reading https://pypi.org/simple/stringdist/
Downloading https://files.pythonhosted.org/packages/85/f0/c56cbe92b4b06fbc7adaa81917ad34d7027834e166fff2d2db73961c67fa/StringDist-1.0.9.tar.gz#sha256=91e6d4a348223db094d029e7e3de9ce89c561738047555dfad60ff5ccb7a5b74
Best match: StringDist 1.0.9
Processing StringDist-1.0.9.tar.gz
Writing /tmp/easy_install-435izjmw/StringDist-1.0.9/setup.cfg
Running StringDist-1.0.9/setup.py -q bdist_egg --dist-dir /tmp/easy_install-435izjmw/StringDist-1.0.9/egg-dist-tmp-8yd36azo
/usr/local/lib/python3.11/dist-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!

    ********************************************************************************
    Please avoid running ``setup.py`` directly.
    Instead, use pypa/build, pypa/installer or other
    standards-based tools.

    See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
    ********************************************************************************

!!
self.initialize_options()
zip_safe flag not set; analyzing archive contents...
__pycache__.cstringdist.cpython-311: module references __file__
Adding StringDist 1.0.9 to easy-install.pth file
detected new path './yattag-1.15.2-py3.11.egg'

Installed /usr/local/lib/python3.11/dist-packages/StringDist-1.0.9-py3.11-linux-x86_64.egg
Searching for tld==0.11.11
Best match: tld 0.11.11
Adding tld 0.11.11 to easy-install.pth file
detected new path './StringDist-1.0.9-py3.11-linux-x86_64.egg'

Using /usr/lib/python3/dist-packages
Searching for bs4==0.0.1
Best match: bs4 0.0.1
Adding bs4 0.0.1 to easy-install.pth file

Using /usr/local/lib/python3.11/dist-packages
Searching for requests==2.31.0
Best match: requests 2.31.0
Adding requests 2.31.0 to easy-install.pth file

Using /usr/lib/python3/dist-packages
Searching for beautifulsoup4==4.12.2
Best match: beautifulsoup4 4.12.2
Adding beautifulsoup4 4.12.2 to easy-install.pth file

Using /usr/lib/python3/dist-packages
Searching for soupsieve==2.5
Best match: soupsieve 2.5
Adding soupsieve 2.5 to easy-install.pth file

Using /usr/lib/python3/dist-packages
Finished processing dependencies for xsrfprobe==2.3.1

[~/Desktop/XSRFProbe]
└─$ xsrfprobe --help
/usr/local/bin/xsrfprobe:4: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
  __import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
Traceback (most recent call last):
  File "/usr/local/bin/xsrfprobe", line 4, in <module>
    __import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
  File "/home/whitedragon/.local/lib/python3.11/site-packages/pkg_resources/__init__.py", line 722, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/home/whitedragon/.local/lib/python3.11/site-packages/pkg_resources/__init__.py", line 1548, in run_script
    raise ResolutionError(
pkg_resources.ResolutionError: Script 'scripts/xsrfprobe' not found in metadata at '/home/whitedragon/.local/lib/python3.11/site-packages/xsrfprobe-2.3.1.dist-info'

Screenshot (91)

Sorry about my English, I'm not good at the English language.
Hope you can fix this.
[Add screenshots or paste terminal output trace error to help explain your problem.]

Potential cause or fix

[Do you know what could be causing the problem or how to fix it?]

Environment:

  • OS: [e.g. Kali linux virtual box 2023.3]
  • Python version: [e.g. v3.11]

Some Questions

  • I am using the latest version of XSRFProbe.
  • I installed the dependencies using pip3 instead of pip.
  • I have read the documentation before submitting this issue.
  • I have checked the other issues to see if someone reported this before.

Other stuff

[Something else you want the author to know?]

[Bug] => NameError: global name 'cookielib' is not defined

I am using python2.7 to run the code from the repository.
The cookie values are not accepted if given in input. If there is no value given

Enter target address :> http://xyz.in
 [!] Testing site status...
 [+] Site seems to be up!
 [$] Got any cookies? [Enter for None] :> 
Traceback (most recent call last):
  File "xsrfprobe.py", line 14, in <module>
    xsrf_main() # the true start of the program ;)
  File "/home/XSRFProbe/core/xsrf_main.py", line 28, in xsrf_main
    Cookie0 = cookielib.CookieJar() # cookies ummm...
NameError: global name 'cookielib' is not defined

Do let me know if you need additional information.

Inventory notification

XSRFProbe has been inventoried on Rawsec's CyberSecurity Inventory.

https://inventory.rawsec.ml/tools.html#XSRFProbe

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why should you care about being inventoried?

Mainly because this gives visibility to your tool and improves its referencing.

Badges

The badge shows your community that you are inventoried. It looks good but also shows you care about your project, that your tool is referenced.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that Rawsec's CyberSecurity Inventory, but there are several styles available.

Want to thank us?

If you want to thank us, you can help make our open project better known by tweeting about it! For example: Twitter URL

So what?

That's all, this message is just to notify you if you care. Else you can close this issue.

Tool does not work if you insert the localhost as the url

Describe the bug

While trying to scan a website on my local machine http://127.0.0.1:3000 the tool does not seem to work, it displays to me an error that says " Domain 127.0.0.1 didn't match any existing TLD name!".

Command You Used

I have tried two commands:
sudo xsrfprobe -u http://127.0.0.1:3000
sudo xsrfprobe -u http://localhost:3000

Full Stack Trace Error

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/options.py", line 170, in <module>
  File "/usr/lib/python3/dist-packages/tld/utils.py", line 366, in get_fld
    domain_parts, non_zero_i, parsed_url = process_url(
  File "/usr/lib/python3/dist-packages/tld/utils.py", line 316, in process_url
    raise TldDomainNotFound(domain_name=domain_name)
tld.exceptions.TldDomainNotFound: Domain 127.0.0.1 didn't match any existing TLD name!

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/xsrfprobe", line 4, in <module>
    __import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 667, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1471, in run_script
    exec(script_code, namespace, namespace)
  File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
  File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/xsrfprobe.py", line 13, in startEngine
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/main.py", line 34, in <module>
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/options.py", line 176, in <module>
AttributeError: 'NoneType' object has no attribute 'group'

Potential cause or fix

Maybe add an exception to the localhost domain?

Environment:

  • OS: [ Kali Rolling 2020.2 on Dockers]
  • Python version: [Python 3.8.3]

Other stuff

Aside from that, I would like to thank you for making such a cool tool!!!

[Inquiry] Exception Caught: list index out of range Meaning

Hello,

I was trying to run this tool into one of our web applications and got an "Exception Caught: list index out of range" result.
Our web application was installed in another PC and can be accessed using its IP via specific port.
If I include the port, the result is "Site seems to be down..." and if I exclude the port, I'll get "Exception Caught: list index out of range"
Screenshot from 2024-04-09 00-54-09
Screenshot from 2024-04-09 00-54-34

Can someone help me figure out how to use this tool effectively?

Thank you very much.
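The IndexError raised in inputin.py when the URL has no path, and the TldDomainNotFound raised for 127.0.0.1, both come from treating the target as a string that always has a path and a public suffix. The following is an added example, not XSRFProbe's code, that parses the target with urllib.parse and ipaddress instead; it goes a little beyond the reports by also covering IPv6 literals and a scope check for crawled links. `Target`, `parse_target`, `in_scope` and the `get_fld` hook are assumed names.

```python
import ipaddress
from collections import namedtuple
from urllib.parse import urlsplit

Target = namedtuple("Target", "scheme host port path kind scope")


def parse_target(url, get_fld=None):
    """Split a scan target without assuming a path or a public suffix.

    get_fld -- optional callable(url) -> registrable domain for DNS names
               (for instance tld.get_fld). It is never called for IP
               literals or single-label hosts such as localhost.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected http(s)://host[:port][/path], got %r" % url)
    try:
        port = parts.port  # ValueError for non-numeric or out-of-range ports
    except ValueError:
        raise ValueError("invalid port in %r" % url)
    if port is None:
        port = 443 if parts.scheme == "https" else 80

    host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "dns" if "." in host else "local"

    # Scope is the value used to decide whether a link belongs to the target.
    # IP literals and single-label names have no registrable domain, so the
    # host itself is the scope.
    scope = host
    if kind == "dns" and get_fld is not None:
        scope = get_fld(url)

    return Target(parts.scheme, host, port, parts.path or "/", kind, scope)


def in_scope(target, link, get_fld=None):
    """True if link points at the same scope as the parsed target."""
    try:
        other = parse_target(link, get_fld)
    except ValueError:
        return False  # mailto:, javascript:, malformed URLs and the like
    return other.scope == target.scope
```
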
