Skip to main content
Glama
telmon95

VulneraMCP

by telmon95
OverviewInspectSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

training.get_csrf_patterns

Extract CSRF attack patterns from training data to identify and test web application vulnerabilities for security assessment.

Instructions

Get all CSRF exploitation patterns from training data

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
techniqueNoSpecific CSRF techniqueall

Implementation Reference

  • src/tools/training_extractor.ts:411-426 (handler)
    The handler function for the 'training.get_csrf_patterns' tool. It filters the pre-loaded CSRF training data by the specified technique (or returns all if 'all') and formats the result.
    async ({ technique = 'all' }: any): Promise<ToolResult> => { try { let patterns = CSRF_TRAINING_DATA; if (technique !== 'all') { patterns = patterns.filter((p) => p.sourceId.includes(technique)); } return formatToolResult(true, { patterns, count: patterns.length, techniques: patterns.map((p) => p.contextData.technique), }); } catch (error: any) { return formatToolResult(false, null, error.message); } }
  • src/tools/training_extractor.ts:397-409 (schema)
    The input schema and description for the 'training.get_csrf_patterns' tool, defining the optional 'technique' parameter.
    { description: 'Get all CSRF exploitation patterns from training data', inputSchema: { type: 'object', properties: { technique: { type: 'string', enum: ['basic', 'content-type', 'method', 'token-bypass', 'referrer', 'all'], description: 'Specific CSRF technique', default: 'all', }, }, },
  • src/tools/training_extractor.ts:395-427 (registration)
    The complete registration of the 'training.get_csrf_patterns' tool using server.tool(), including schema and handler function.
    server.tool( 'training.get_csrf_patterns', { description: 'Get all CSRF exploitation patterns from training data', inputSchema: { type: 'object', properties: { technique: { type: 'string', enum: ['basic', 'content-type', 'method', 'token-bypass', 'referrer', 'all'], description: 'Specific CSRF technique', default: 'all', }, }, }, }, async ({ technique = 'all' }: any): Promise<ToolResult> => { try { let patterns = CSRF_TRAINING_DATA; if (technique !== 'all') { patterns = patterns.filter((p) => p.sourceId.includes(technique)); } return formatToolResult(true, { patterns, count: patterns.length, techniques: patterns.map((p) => p.contextData.technique), }); } catch (error: any) { return formatToolResult(false, null, error.message); } } );
  • src/tools/training_extractor.ts:6-82 (helper)
    Pre-loaded CSRF training data array used by the tool handler to provide patterns for different CSRF techniques.
    const CSRF_TRAINING_DATA = [ { source: 'intigriti', sourceId: 'csrf-basic', vulnerabilityType: 'CSRF', targetPattern: '/api/profile/update', payloadPattern: '<form method="POST"', successPattern: 'email updated|profile updated|success', failurePattern: 'error|invalid|unauthorized', contextData: { technique: 'Basic CSRF', description: 'Simple form-based CSRF attack', example: '<form method="POST" action="https://app.example.com/api/profile/update">', }, score: 7, }, { source: 'intigriti', sourceId: 'csrf-content-type', vulnerabilityType: 'CSRF', targetPattern: '/api/', payloadPattern: 'enctype="text/plain"', successPattern: 'success|updated', failurePattern: 'error|invalid content-type', contextData: { technique: 'Content-Type Bypass', description: 'Bypass JSON-only APIs using text/plain', example: 'enctype="text/plain" with JSON-like payload', }, score: 8, }, { source: 'intigriti', sourceId: 'csrf-method', vulnerabilityType: 'CSRF', targetPattern: '/api/', payloadPattern: 'method="POST"|_method=PUT', successPattern: 'success|updated', failurePattern: 'method not allowed|cors error', contextData: { technique: 'Method-based CSRF', description: 'Change HTTP method to bypass CORS', example: 'Use POST instead of PUT/PATCH', }, score: 7, }, { source: 'intigriti', sourceId: 'csrf-token-bypass', vulnerabilityType: 'CSRF', targetPattern: '/api/', payloadPattern: 'csrf_token=|anti-csrf', successPattern: 'success|updated', failurePattern: 'invalid token|csrf required', contextData: { technique: 'Token Validation Bypass', description: 'Bypass anti-CSRF tokens', methods: ['remove token', 'blank value', 'random value', 'hardcoded valid token'], }, score: 9, }, { source: 'intigriti', sourceId: 'csrf-referrer', vulnerabilityType: 'CSRF', targetPattern: '/api/', payloadPattern: 'no-referrer', successPattern: 'success|updated', failurePattern: 'invalid referrer|referrer required', contextData: { technique: 'Referrer-based Bypass', description: 'Bypass referrer validation', example: '<meta name="referrer" content="no-referrer">', }, score: 8, }, ];

This server cannot be installed

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/telmon95/VulneraMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server