Burp Suite User Forum


How "real world" is the CSRF PoC Generator

anonymouse | Last updated: Oct 28, 2016 01:32PM UTC

So here is my dilemma. I found a website that potentially has a CSRF vulnerability, and when I proxy my traffic through Burp and generate the PoC HTML file, CSRF works. The thing is, as far as I know, the CSRF token isn't being leaked in the real world, which more or less means the CSRF exploit fails because I can't pass the token if I don't have it. Does this mean CSRF is more or less mitigated, or is it still something that shouldn't be possible even with this CSRF token?

PortSwigger Agent | Last updated: Oct 28, 2016 03:56PM UTC

The CSRF PoC generator is a useful tool for delivering a working exploit where a CSRF vulnerability is present. The tool doesn't give you any indication as to whether there is a vulnerability present. If you believe that the request requires a CSRF token that is properly generated, handled, and validated, then it presumably isn't vulnerable. Burp Scanner has a built-in check that does report real-world CSRF conditions with a reasonable degree of accuracy (within the limitations of what any automated detection can achieve).
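
An added example, not part of the original thread and not PortSwigger's code: a small Python check of what "properly generated, handled, and validated" means for a handler you own. The token scheme (HMAC of a session id), both handlers and all names are assumptions made for illustration; the session ids are constructed sample values.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret

def issue_token(session_id):
    """Token bound to one session: HMAC-SHA256 of the session id."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def strict_handler(session_id, form):
    """Rejects unless the token is present and matches this session."""
    submitted = form.get("csrf_token") or ""
    ok = hmac.compare_digest(issue_token(session_id), submitted)
    return 200 if ok else 403

def weak_handler(session_id, form):
    """Flawed on purpose: only validates the token when one is supplied."""
    submitted = form.get("csrf_token")
    if submitted is None:
        return 200
    return 200 if hmac.compare_digest(issue_token(session_id), submitted) else 403

def audit(handler, session_id="sess-A", other_session="sess-B"):
    """Return the names of request variants the handler wrongly accepts."""
    must_reject = {
        "token parameter removed": {},
        "empty token": {"csrf_token": ""},
        "token from another session": {"csrf_token": issue_token(other_session)},
        "random token": {"csrf_token": secrets.token_hex(32)},
    }
    # Baseline: the request carrying its own valid token must succeed, which
    # is all that a PoC generated from a proxied request demonstrates.
    assert handler(session_id, {"csrf_token": issue_token(session_id)}) == 200
    return [name for name, form in must_reject.items()
            if handler(session_id, form) != 403]

if __name__ == "__main__":
    print("strict:", audit(strict_handler))
    print("weak:  ", audit(weak_handler))
```

An empty list from `audit` means every tampered variant was rejected; any name it returns is a validation gap to fix server-side.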
