CSurfer

CSurfer is a CSRF guard hiding extension that keeps track of the latest guard value per session and updates new requests accordingly. It also allows Burp to be chained with other security scanning tools that are not CSRF-guard aware.
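The per-session tracking described above, sketched as an added stand-alone Python example for authorized testing setups; it is not CSurfer's code and uses no Burp API. The field name `csrf_token`, the cookie name `SESSIONID`, the `TokenTracker` class and the sample messages are all assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode

TOKEN_FIELD = "csrf_token"    # assumed name of the guard field
SESSION_COOKIE = "SESSIONID"  # assumed name of the session cookie

# Matches a hidden input whose name attribute precedes its value attribute.
_HIDDEN_INPUT = re.compile(
    r'<input[^>]*name=["\']%s["\'][^>]*value=["\']([^"\']*)["\']'
    % re.escape(TOKEN_FIELD),
    re.IGNORECASE,
)

def session_id(cookie_header):
    """Return the session cookie value from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == SESSION_COOKIE:
            return value
    return None

class TokenTracker:
    def __init__(self):
        self._latest = {}  # session id -> most recent guard value seen

    def observe_response(self, cookie_header, html_body):
        """Record the guard value a response issued to this session."""
        sid = session_id(cookie_header)
        match = _HIDDEN_INPUT.search(html_body)
        if sid is not None and match:
            self._latest[sid] = match.group(1)

    def update_request(self, cookie_header, form_body):
        """Replace a stale guard value in a form-encoded request body."""
        token = self._latest.get(session_id(cookie_header))
        if token is None:
            return form_body  # no guard value known for this session
        pairs = parse_qsl(form_body, keep_blank_values=True)
        if not any(key == TOKEN_FIELD for key, _ in pairs):
            return form_body  # request carries no guard field
        return urlencode([(k, token if k == TOKEN_FIELD else v) for k, v in pairs])

def demo():
    # Constructed traffic: two sessions, session "aaa" is issued a newer value.
    form = '<input type="hidden" name="csrf_token" value="%s">'
    tracker = TokenTracker()
    tracker.observe_response("SESSIONID=aaa", form % "tok-1")
    tracker.observe_response("SESSIONID=bbb", form % "tok-9")
    tracker.observe_response("SESSIONID=aaa", form % "tok-2")
    return tracker.update_request("SESSIONID=aaa; theme=dark", "amount=10&csrf_token=stale")
```

A downstream scanner that replays `csrf_token=stale` therefore reaches the application with the value last issued to its own session, and requests from unknown sessions pass through unchanged.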

The extension is available for free on the Burp App Store (BApp) at:

https://pro.portswigger.net/bappstore/ShowBappDetails.aspx?uuid=086c6af8b24c40a79a5e99b71df10f11

A presentation from the Cairo Security Camp talk explaining the tool is available at:

https://www.dropbox.com/s/gtplhdlrme26b0d/Bypassing%20Anti-CSRF%20Tokens%20With%20Burp%20Extender%20-%20The%20Story%20of%20CSurfer.pdf?dl=1

@Author Saafan, A.