Hexagon Security Group releases MonkeyFist, a dynamic Request Forgery attack tool. (http://hexsec.com/)
About
MonkeyFist is a tool that creates dynamic request forgeries based on cross-domain data leakage. It constructs a payload from the data in the payloads.xml file and sends it to the user's browser. The payload may include session data, which lets the forged request bypass Cross-Site Request Forgery protection mechanisms.
Written in
It is written in Python, which means it is cross-platform. Many operating systems already come with Python installed. The only dependency as of now is lxml, which is currently used only for the fixation payload type.
Read the Dynamic CSRF paper here:
http://hexsec.com/docs/Dynamic_CSRF_rev1.pdf/view
More Information
For usage or practical examples, check out the Neohaxor blog.
Best Regards.