This is a Burp extension that wraps TheRook's CSRF-Request-Builder. More information can be found on his GitHub page.
The generated proof of concept issues the captured request cross-origin, so which headers a browser will send without a preflight, and which it refuses to let a page set at all, decides whether the PoC works. For background on CORS requests, see Mozilla's writeup on HTTP access control (CORS).
Features:
- Generates an HTML page and an SWF file to use as a proof of concept
- Automatically removes blacklisted headers (headers the PoC cannot send) from the request
- Preflight status check: reports whether the request will trigger a CORS preflight
- Add/remove headers
- Headers that will require a preflight request are highlighted in yellow
Usage:
- Right-click on any request within Burp.
- In the context menu, click "Generate Flash CSRF PoC".
- Make any necessary adjustments (add or remove headers, and check the preflight status).
- Choose where you would like to save the proof-of-concept files (two files, csrf_poc.html and csrf.swf, will be generated).
- Click the Generate button.
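The blacklist removal and preflight status check listed under the features are what the adjustment step relies on. The following is an added example, not code from BurpFlashCSRFBuilder or CSRF-Request-Builder, that classifies a captured request's headers the same way using the CORS rules from the Fetch standard: the forbidden and safelisted header lists are taken from that standard and stand in for the extension's own blacklist, which this page does not show; the sample request is constructed, and the Content-Type check ignores the standard's extra value-length and byte restrictions.

```javascript
// Added example (not part of BurpFlashCSRFBuilder): decide which headers of a
// captured request a cross-origin PoC cannot send, and which ones force a
// CORS preflight. Lists follow the Fetch standard, not the extension's blacklist.

// Header names a page cannot set on a request; the browser fills them itself.
const FORBIDDEN_HEADERS = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);
const FORBIDDEN_PREFIXES = ["proxy-", "sec-"];

// Methods and headers that never trigger a preflight on their own.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFELISTED_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFELISTED_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

function isForbiddenHeader(name) {
  const n = name.toLowerCase();
  return FORBIDDEN_HEADERS.has(n) || FORBIDDEN_PREFIXES.some((p) => n.startsWith(p));
}

// True when this header would make the browser send an OPTIONS preflight first.
function needsPreflight(name, value) {
  const n = name.toLowerCase();
  if (SAFELISTED_HEADERS.has(n)) return false;
  if (n === "content-type") {
    // Only the MIME type matters; parameters such as charset are ignored
    // (the standard's value-length and byte checks are omitted here).
    const mime = value.split(";")[0].trim().toLowerCase();
    return !SAFELISTED_CONTENT_TYPES.has(mime);
  }
  return true;
}

// headers: array of [name, value] pairs in the order they appear in the request.
// Returns the headers the PoC can keep, the ones dropped as forbidden, the ones
// that trigger a preflight, and the overall preflight verdict.
function preflightStatus(method, headers) {
  const kept = [];
  const removed = [];
  const preflightHeaders = [];
  for (const [name, value] of headers) {
    if (isForbiddenHeader(name)) {
      removed.push(name);
      continue;
    }
    kept.push([name, value]);
    if (needsPreflight(name, value)) preflightHeaders.push(name);
  }
  const unsafeMethod = !SAFELISTED_METHODS.has(method.toUpperCase());
  return {
    method,
    headers: kept,
    removed,
    preflightHeaders,
    preflight: unsafeMethod || preflightHeaders.length > 0,
  };
}

// Constructed sample: a JSON API call as Burp would show it, including headers
// the browser sets itself (Host, Cookie, Origin) that a PoC cannot forge.
const sampleRequest = {
  method: "POST",
  headers: [
    ["Host", "api.example.com"],
    ["Cookie", "session=abc123"],
    ["Origin", "https://app.example.com"],
    ["Content-Type", "application/json"],
    ["X-Requested-With", "XMLHttpRequest"],
    ["Accept", "*/*"],
  ],
};

const sampleStatus = preflightStatus(sampleRequest.method, sampleRequest.headers);
console.log(JSON.stringify(sampleStatus, null, 2));
// Content-Type: application/json and X-Requested-With are the two headers that
// force a preflight here; switching to text/plain and dropping X-Requested-With
// turns the same POST into a request the browser sends without one.
```

The verdict is what to act on when adjusting the request: every header in `preflightHeaders` is one the target would have to allow via `Access-Control-Allow-Headers`, so unless the server is known to do that, remove or rewrite those headers before generating the PoC; headers in `removed` are gone regardless of what you do.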
Installation:
- Add BurpFlashCSRFBuilder-0.1.4.jar, located in the target folder, to the list of extensions in the Burp Extender tab.
TODO:
- Ensure that headers added by the user are not in the blacklist
- Add a help icon explaining what a preflight request is
- Add a help icon listing the blacklisted headers
Please submit any issues you encounter with the plugin to the repo's issue page.