Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Security B-Sides London 2014

29th April 2014 (that’s a Tuesday)
Kensington and Chelsea Town Hall, Hornton Street, London, W8 7NX
View analytic
Tuesday, April 29 • 11:45am - 12:30pm
CSRFT, A Toolkit for CSRF vulnerabilities LIMITED

Sign up or log in to save this to your schedule and see who's attending!

Limited Capacity seats available

Cross Site Request Forgery vulnerabilities are a growing danger and yet there aren't virtually any tools allowing for easy and fast proof of concept prototyping.
Therefore, my talk is dedicated to a tool that I'm currently developing to create a generic platform for CSRF vulnerability works.
The project has been developed with Python, js/NodeJS, and configuration files are in JSON format.
I'll also present a HTTP proxy I developed that you can combine with the toolkit to inject malicious iframe in each page the user is browsing.

Moreover, most of the people think that those vulnerabilities are not relevant if the user is not logged into the vulnerable platform.
However, I'll explain how, with my custom toolkit, you can take advantage of those vulnerabilities even if the user is not (yet) connected to the platform.

During the talk, i'll present the tool, its purpose, give several demos on how to use it and show its real strengths such as performing complex CSRF exploitation techniques using custom scenarios designed for the conference.


###

I already presented some of my work at DeepSec but I didn't present the HTTP proxy I developed and how to combine it with my toolkit.
So it will be quite new.

Speakers
avatar for Paul AMAR

Paul AMAR

Student
I am still a student in computer Science and passionate about Information Security. | My main interest for the moment is about Web vulnerabilities.


Tuesday April 29, 2014 11:45am - 12:30pm
Small Hall The Town Hall, Hornton Street, London W8 7NX