Bruteforce CSRF login tool | PythonProject

Tutorials Tools
1

A cool new tool i made in python to Brute Force anti-CSRF-Tokens protected login pages.
Could be useful in some machines here :wink:

https://github.com/J3wker/CSRFbruteforce

Give Respect if you liked it or messages me for improvements :slight_smile:

2

J3wker Hello!
Thanks for the python script!
Appreciate it!

I used it to crack the login credentials of the c******n login page and your script actually found the password but when I tried to login, there’s just a page that has appeared, and it said “Forbidden” “you don’t have permission to access”
Do you why?
Thanks!

3

J3wker, this is great! Thank you very much you have solved the issue that I have been having for a couple days. It found the password after a few seconds.

4

@Orka123 Nothing wrong with the script, the machine/login you are talking about has user/passwords that “work” as login but arent valid for anything

5

No problem guys ! much appreciated !
Script was improved even more - now its generic to any login pages that uses Anti-CSRF Tokens !
I will make it into a BruteForce Framework i think and add offline hashing and more features soon !

Follow my github!

6

thanks for the script

7

Added Threading for extra speed and a better Token Grabber

8

Hi! j3wker ! I don’t why but your script always tell me that something went wrong. It says check wordlist path or request timed out. I checked my wordlist path and its the right one. The request didn’t not time out , I checked it, and it was alright.
Wny is this happening?

9

Contact me via PM and i will help you

10

Just tried this tool.
It’s works just great !!!
Thanks!

11

Great tool! Thank you!

12

Type your comment> @LabMaster said:

J3wker Hello!
Thanks for the python script!
Appreciate it!

I used it to crack the login credentials of the c******n login page and your script actually found the password but when I tried to login, there’s just a page that has appeared, and it said “Forbidden” “you don’t have permission to access”
Do you why?
Thanks!

That’s because the credential found was not right. When you include a ‘white space’ or a special character like “#@%” … the login page redirect you to Forbidden page. That’s not because you found the password.

13

Guys can somebody please tell me why this script always tells me [-] Something went wrong - check wordlist path OR request timed out. I actually dont get. I checked the wordlist path and the request did not time out. Why is this happening?
Thanks
It doesn’t even let me run it normally with : python3 brutecsrf.py
why?>