Monday, August 10, 2009

MonkeyFist v0.4 Released

Hexagon Security Group releases MonkeyFist, a dynamic Request Forgery attack tool. (http://hexsec.com/)


About

MonkeyFist is a tool that creates dynamic request forgeries based on cross-domain data leakage. It then constructs a payload from the data in the payloads.xml file and sends it to the user's browser. The payload may include session data, bypassing protection mechanisms for Cross-Site Request Forgery.


Written in

It is written in Python, which means it is cross-platform. Many operating systems already come with Python installed. The only dependency as of now is lxml, which is currently used only for the fixation payload type.


Read the Dynamic CSRF paper here

http://hexsec.com/docs/Dynamic_CSRF_rev1.pdf/view


More Information

For usage or practical examples, check out the Neohaxor blog.


Best Regards.

