getting more polished

Author: stealthcopter

README.md

@@ -6,23 +6,23 @@ Transform intercepted requests into ready-to-use exploit scripts instantly! This
 
 ## 🚀 Key Features
 
-* **Multi-language Support**: Generate exploits in Python, Node.js, Ruby, and Bash/cURL
-* **One-Click Generation**: Convert any intercepted request into working exploit code
+* **Multi-language Support**: Generate exploits in Python, JavaScript and Bash/cURL (more languages coming soon!)
+* **Instant Generation**: Convert any intercepted or edited request into working exploit code
 * **Clean Code Output**: Get properly formatted, production-ready scripts
-* **Framework Integration**: Uses popular frameworks like Requests, Axios, and Net::HTTP
+* **Framework Integration**: Uses popular frameworks like Requests, fetch etc.
 * **Smart Request Parsing**: Automatically handles headers, parameters, and content types
 
 Perfect for security researchers, penetration testers, and bug bounty hunters who want to quickly validate and demonstrate vulnerabilities. Save time on exploit development and focus on what matters - finding security issues!
 
 ## Feature Requests
 
-If you have a language or framework you would find useful but it's missing from here, please open an [feature request](https://github.com/BugBountyzip/CaidoCSRF/issues/new).
+If you have a language or framework you would like adding please open an [feature request](https://github.com/BugBountyzip/CaidoCSRF/issues/new).
 
-The intention with this plugin is to make it as simple as possible to add more languages and frameworks. This will likely move to a basic templating language to allow user-defined templates, but let's see if anyone actually uses this first.
+The intention with this plugin is to make it as simple as possible to add more languages and frameworks via user-defined templates, but let's see if anyone actually uses this first.
 
 ## Usage
 
-1. Install the plugin from Caido's plugin store (or download the zip from this github repo)
+1. ~~Install the plugin from Caido's plugin store or~~ (coming soon 🤞) download the zip from the [releases page](https://github.com/stealthcopter/CaidoExploitGenerator/releases) and install in Caido
 2. Right-click on a request in Caido
 3. Select the PoC Generator button
 4. Choose your desired CSRF payload type from the dropdown
@@ -36,27 +36,90 @@ The intention with this plugin is to make it as simple as possible to add more l
 
 ## Output Example
 
+See below for some examples of the generated exploit scripts from a request:
+
+### Python / Requests
+
 ```python
 import requests
 
-def exploit():
-  headers = {
-    "Cookie": "hidufhoiauhfoiuhaiofhoafsa",
-  }
-  data = {
-    "data[wp-refresh-metabox-loader-nonces][post_id]": "187",
-    "data[wp-refresh-post-lock][lock]": "1744145293:2",
-    "data[wp-refresh-post-lock][post_id]": "187",
-    "interval": "10",
-    "screen_id": "post",
-    "has_focus": "true",
-  }
-  r = requests.post('https://target.domain.com/vulnerable.php', headers=headers, data=data)
+url = 'https://stealthcopter.com/testing/endpoint'
+
+headers = {
+    'Cookie': 'secret=155ee356-23a6-11f0-af46-678665dcd42c',
+    'X-Forwarded-For': '127.0.0.1'
+}
 
-  print(r.status_code)
-  print(r.text)
+data = {
+    'action': 'delete',
+    'csrf': '7e5dbebc12',
+    'file': '/etc/passwd'
+}
 
-  return r.ok
+r = requests.post(url, headers=headers, data=data)
 
-exploit()
+print(r.status_code)
+print(r.text)
 ```
+
+### JavaScript / Fetch
+
+```javascript
+const url = 'https://stealthcopter.com/json/store/v1/checkout?_locale=en'
+
+let body = JSON.stringify({
+  "billing_address": {
+    "first_name": "Test",
+    "last_name": "Testerton",
+    "company": "",
+    "address_1": "123 Addressington Lane",
+    "address_2": "Testington upon Twine",
+    "city": "Biscuiton",
+    "state": "CA",
+    "postcode": "14125",
+    "country": "US",
+    "email": "[email protected]",
+    "phone": "123456789"
+  },
+  "create_account": false,
+  "account_no": 2857915,
+  "customer_password": null,
+  "payment_data": [
+    {
+      "key": "new-payment-method",
+      "value": false
+    }
+  ]
+})
+
+const options = {
+    method: 'POST',
+    headers: {      
+      'Content-Type':'application/json',
+      'Cookie': 'PHPSESSID=vmnuns3bgtvf69nbs7ne4vjt9o;',
+    },
+    body: body,
+  }
+
+try {
+  const response = await fetch(url, options)
+
+  console.log('Status:', response.status)
+  const responseBody = await response.text()
+  console.log('Response:', responseBody)
+} catch (error) {
+  console.error('Error:', error)
+}
+```
+
+### Bash / Curl
+
+```bash
+curl -X POST \
+     -H 'Cookie:secret=155ee356-23a6-11f0-af46-678665dcd42c' \
+     -H 'X-Forwarded-For:127.0.0.1' \
+     -d 'action=delete' \
+     -d 'csrf=7e5dbebc12' \
+     -d 'file=/etc/passwd' \
+     'https://stealthcopter.com/testing/endpoint'
+```

assets/javascript-fetch.hbs

@@ -1,40 +1,35 @@
-const url = '{{escapeSingleQuotes url}}';
+const url = '{{escapeSingleQuotes url}}'
 
-const exploit = async () => {
-  const options = {
-    method: '{{method}}',
-{{#if headers}}
-    headers: {
-  {{#each headers}}
-      '{{escapeSingleQuotes @key}}': '{{escapeSingleQuotes this}}',
-  {{/each}}
-    },
-{{/if}}
 {{#if json}}
-    body: JSON.stringify({{body}})
+let body = JSON.stringify({{body}})
 {{else if params}}
-    body: JSON.stringify({
-  {{#each params}}
-      '{{escapeSingleQuotes @key}}': '{{escapeSingleQuotes this}}',
-  {{/each}}
-    })
+const params = new URLSearchParams()
+{{#each params}}
+params.append('{{escapeSingleQuotes @key}}', '{{escapeSingleQuotes this}}')
+{{/each}}
+let body = params.toString()
 {{else if body}}
-    body: `{{escapeSingleQuotes body}}`
+body = `{{escapeBackticks body}}`
 {{/if}}
-  };
-
-  try {
-    const response = await fetch(url, options);
 
-    console.log('Status:', response.status);
-    const responseBody = await response.text();
-    console.log('Response:', responseBody);
-
-    return response.ok;
-  } catch (error) {
-    console.error('Error:', error);
-    return false;
-  }
-};
+const options = {
+  method: '{{method}}',
+{{#if headers}}
+  headers: {      {{#if json}}
+    'Content-Type':'application/json',{{/if}}
+    {{#each headers}}
+    '{{escapeSingleQuotes @key}}': '{{escapeSingleQuotes this}}',
+    {{/each}}
+  },
+{{/if}}
+  body: body,
+}
 
-exploit();
+try {
+  const response = await fetch(url, options)
+  console.log('Status:', response.status)
+  const responseBody = await response.text()
+  console.log('Response:', responseBody)
+} catch (error) {
+  console.error('Error:', error)
+}

assets/python-requests.hbs

@@ -1,24 +1,19 @@
 import requests
 
-def exploit():
-  url = '{{escapeSingleQuotes url}}'
+url = '{{escapeSingleQuotes url}}'
 
-  {{#if headers}}
-  headers = {{dict headers}}
-  {{/if}}
-  {{#if params}}
-  data = {{dict params}}
-  {{else if json}}
-  data = {{ body }}
-  {{else}}
-  data = '''{{ escapeSingleQuotes body }}'''
-  {{/if}}
+{{#if headers}}
+headers = {{dict headers}}
+{{/if}}
+{{#if params}}
+data = {{dict params}}
+{{else if json}}
+data = {{ body }}
+{{else}}
+data = '''{{ escapeSingleQuotes body }}'''
+{{/if}}
 
-  r = requests.{{toLowerCase method}}(url, {{#if headers}}headers=headers, {{/if}}{{#if json}}json{{else}}data{{/if}}=data)
+r = requests.{{toLowerCase method}}(url, {{#if headers}}headers=headers, {{/if}}{{#if json}}json{{else}}data{{/if}}=data)
 
-  print(r.status_code)
-  print(r.text)
-
-  return r.ok
-
-exploit()
+print(r.status_code)
+print(r.text)

assets/requests/basic.http

@@ -0,0 +1,13 @@
+POST /testing/endpoint HTTP/1.1
+Host: stealthcopter.com
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: secret=155ee356-23a6-11f0-af46-678665dcd42c
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 46
+X-Forwarded-For: 127.0.0.1
+
+action=delete&csrf=7e5dbebc12&file=/etc/passwd

assets/requests/json.http

@@ -0,0 +1,35 @@
+POST /json/store/v1/checkout?_locale=en HTTP/1.1
+Host: stealthcopter.com
+User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
+Accept: application/json, */*;q=0.1
+Content-Type: application/json
+Origin: http://stealthcopter.com
+Referer: http://stealthcopter.com/
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=vmnuns3bgtvf69nbs7ne4vjt9o;
+
+{
+  "billing_address": {
+    "first_name": "Test",
+    "last_name": "Testerton",
+    "company": "",
+    "address_1": "123 Addressington Lane",
+    "address_2": "Testington upon Twine",
+    "city": "Biscuiton",
+    "state": "CA",
+    "postcode": "14125",
+    "country": "US",
+    "email": "[email protected]",
+    "phone": "123456789"
+  },
+  "create_account": false,
+  "account_no": 2857915,
+  "customer_password": null,
+  "payment_data": [
+    {
+      "key": "new-payment-method",
+      "value": false
+    }
+  ]
+}

assets/requests/xml.http

@@ -11,12 +11,12 @@ const id = "exploit-generator";
 export default defineConfig({
   id,
   name: "Exploit Generator",
-  description: "Generate Proof of Concept exploit scripts from requests",
-  version: "0.0.2",
+  description: "Generate customizable PoC exploit scripts in multiple languages from HTTP requests.",
+  version: "0.0.3",
   author: {
     name: "stealthcopter",
-    email: "exploit-generator@stealthcopter.com",
-    url: "https://github.com/stealthcopter",
+    email: "exploit-gen@stealthcopter.com",
+    url: "https://github.com/stealthcopter/CaidoExploitGenerator",
   },
   plugins: [
     {
@@ -28,7 +28,7 @@ export default defineConfig({
       kind: 'frontend',
       id: "frontend",
       root: 'packages/frontend',
-      assets: ["assets/*.hbs"],
+      assets: ["assets/*.hbs", "assets/requests/*.http"],
       backend: {
         id: "backend",
       },