Describe the bug
When I try to use the tool on a URL that ends with /, it seems to stop at retrieving forms, which the page has, but apparently the tool doesn't think so.
Command You Used
xsrfprobe -u http://127.0.0.1/vulnerabilities/csrf/ -c "PHPSESSID=pee4sgbjm74s57o43h39vevqo0; security=low"
Full Stack Trace Error
[XSRFProbe ASCII-art banner]
[---] XSRFProbe, A Cross Site Request Forgery Audit Toolkit [---]
[---] [---]
[---] ~ Author : Pinaki Mondal ~ [---]
[---] ~ github.com / 0xInfection ~ [---]
[---] [---]
[---] ~ Version 2.3.1 ~ [---]
[!] Testing site 127.0.0.1 status...
[+] Site seems to be up!
[!] Testing vulnerabilities/csrf/ endpoint status...
[+] Endpoint seems to be up!
[*] Preparing the request...
[*] Processing the GET Request...
[!] Trying to parse response...
[!] Checking endpoint request validation via Referer Checks...
+--------------------------------------+
| Referer Based Request Validation |
+--------------------------------------+
[!] Making request on normal basis...
[*] Preparing the request...
[*] Processing the GET Request...
[*] Setting generic headers...
[!] Making request with Tampered Referer Header...
[*] Preparing the request...
[*] Processing the GET Request...
[-] Endpoint Referer Validation Not Present!
[-] Heuristics reveal endpoint might be VULNERABLE to Origin Based CSRFs...
[+] Possible CSRF Vulnerability Detected : http://127.0.0.1/vulnerabilities/csrf/!
[+] Possible Vulnerability Type: No Referer Based Request Validation
[!] Confirming the vulnerability...
[!] Confirming endpoint request validation via Origin Checks...
+-------------------------------------+
| Origin Based Request Validation |
+-------------------------------------+
[!] Making request on normal basis...
[*] Preparing the request...
[*] Processing the GET Request...
[*] Setting generic headers...
[!] Making request with Tampered Origin Header...
[*] Preparing the request...
[*] Processing the GET Request...
[-] Endpoint Origin Validation Not Present!
[-] Heuristics reveal endpoint might be VULNERABLE to Origin Based CSRFs...
[+] Possible CSRF Vulnerability Detected : http://127.0.0.1/vulnerabilities/csrf/!
[!] Possible Vulnerability Type: No Origin Based Request Validation
[!] Retrieving all forms on http://127.0.0.1/vulnerabilities/csrf/...
[+] Scan completed!
Potential cause or fix
Environment:
- OS: Linux docker-desktop 5.15.133.1-microsoft-standard-WSL2
- Python version: 3.10.12
Some Questions
- I am using the latest version of XSRFProbe.
- I installed the dependencies using pip3 instead of pip.
- I have read the documentation before submitting this issue.
- I have checked the other issues to see if someone reported this before.
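For anyone reproducing the "no forms found" behaviour, the following is an added, stdlib-only example (not XSRFProbe's own code) that does the form-retrieval step itself: it parses the HTML, resolves each form action against the scanned URL, and flags forms that carry no hidden anti-CSRF token. It also shows why the trailing slash matters: a relative action such as index.php resolves to a different endpoint depending on whether the base URL ends with /. The sample markup, the token-name heuristic and the function names are assumptions made for this example, not DVWA's real page or the tool's logic.

```python
"""Find HTML forms on a page and flag those without an anti-CSRF token.

Added example, not XSRFProbe's own code. Uses only the standard library
so it runs offline against the constructed sample page below.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin

# Hidden-field names that usually carry an anti-CSRF token (heuristic; assumption).
TOKEN_HINTS = ("csrf", "xsrf", "token", "nonce", "authenticity")

# Constructed sample page (not DVWA's real markup): one GET form without a
# token and one POST form that carries a hidden token.
SAMPLE_HTML = """
<html><body>
<form action="" method="GET">
  New password: <input type="password" name="password_new">
  Confirm: <input type="password" name="password_conf">
  <input type="submit" name="Change" value="Change">
</form>
<form action="index.php" method="POST">
  <input type="hidden" name="user_token" value="deadbeef">
  <input type="text" name="username">
  <input type="submit" value="Save">
</form>
</body></html>
"""


class FormParser(HTMLParser):
    """Collect every <form> together with its method, action and fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "method": (a.get("method") or "get").lower(),
                "action": a.get("action") or "",
                "inputs": [],
            }
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["inputs"].append({
                "name": a.get("name") or "",
                "type": (a.get("type") or "text").lower(),
            })

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def resolve_action(base_url, action):
    """Resolve a form action the way a browser would (RFC 3986 join).

    An empty action submits back to the page itself; a relative action is
    joined against the *directory* of base_url, so a missing trailing slash
    silently moves the target one level up.
    """
    return urljoin(base_url, action)


def extract_forms(html, base_url):
    """Parse `html` and return its forms with the action resolved against base_url."""
    parser = FormParser()
    parser.feed(html)
    for form in parser.forms:
        form["action_url"] = resolve_action(base_url, form["action"])
    return parser.forms


def has_csrf_token(form):
    """Heuristic: true if any hidden input is named like a token."""
    return any(
        field["type"] == "hidden"
        and any(hint in field["name"].lower() for hint in TOKEN_HINTS)
        for field in form["inputs"]
    )


def unprotected_forms(html, base_url):
    """Action URLs of forms that have no recognisable anti-CSRF token."""
    return [f["action_url"] for f in extract_forms(html, base_url) if not has_csrf_token(f)]


if __name__ == "__main__":
    base = "http://127.0.0.1/vulnerabilities/csrf/"
    for form in extract_forms(SAMPLE_HTML, base):
        print(form["method"].upper(), form["action_url"],
              "token" if has_csrf_token(form) else "NO TOKEN",
              [i["name"] for i in form["inputs"]])
    print("with slash:   ", resolve_action(base, "index.php"))
    print("without slash:", resolve_action(base.rstrip("/"), "index.php"))
```

Run it against the saved HTML of the page you scanned (for example the response body of a GET with your session cookie) to confirm the forms are really in the markup before attributing the empty result to the tool.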