CSRF Discoverer – A Chrome extension

A (possibly) unprotected form, detected by CSRF Discoverer.

CSRF Discoverer uses a heuristic approach to decide whether or not a form contains an element that looks like a CSRF token. Developers can configure the heuristics on the settings page of the tool.

The CSRF Discoverer settings page.

Keep in mind that it is by no means a watertight method. It is bound to have plenty of false positives and negatives, so use it with care.
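The kind of heuristic described above, and the ways it can misjudge a form, can be sketched as follows. This is an added example, not CSRF Discoverer's own code: the name patterns, minimum length and entropy threshold are assumptions standing in for whatever the settings page configures, and forms are plain objects so the check runs outside a browser.

```javascript
// Added illustration, NOT CSRF Discoverer's code. Patterns and thresholds are assumed.
const DEFAULTS = {
  namePattern: /csrf|xsrf|token|nonce|authenticity/i, // assumed name hints
  minLength: 16,       // assumed minimum token length
  minEntropyBits: 3.0, // assumed Shannon entropy per character
};

// Shannon entropy (bits per character) of a string.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// Does a single field look like a CSRF token?
function looksLikeToken(field, cfg = DEFAULTS) {
  const value = field.value || "";
  if ((field.type || "").toLowerCase() !== "hidden") return false;
  if (value.length < cfg.minLength) return false;
  return cfg.namePattern.test(field.name || "") || entropy(value) >= cfg.minEntropyBits;
}

// Flag state-changing forms that carry no token-like field.
// A form is { method, fields: [{ type, name, value }] }; in a content script
// this would be built from document.forms and each form's elements.
function isPossiblyUnprotected(form, cfg = DEFAULTS) {
  if ((form.method || "get").toLowerCase() !== "post") return false;
  return !form.fields.some((f) => looksLikeToken(f, cfg));
}

// Constructed sample forms.
const samples = {
  withToken: { method: "post", fields: [
    { type: "text", name: "email", value: "" },
    { type: "hidden", name: "csrf_token", value: "9f2c4e1ab07d4c6e8a13b5d2f0e7c4a1" } ] },
  noToken: { method: "post", fields: [
    { type: "text", name: "email", value: "" },
    { type: "hidden", name: "redirect", value: "/home" } ] },
  // False negative: a long hidden tracking id passes the heuristic.
  trackingId: { method: "post", fields: [
    { type: "hidden", name: "campaign", value: "b81f0c93d27e4a56bc10e9f4a7d352c8" } ] },
  // False positive: the site sends its token in a request header, not a field.
  headerToken: { method: "post", fields: [{ type: "text", name: "q", value: "" }] },
};
```

Raising `minEntropyBits` or tightening `namePattern` trades one kind of error for the other, which is why a flagged form still needs manual confirmation.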

Download
