Skip to content

praetorian-colby-morgan/json-csrf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
read.html
read.html
 
 
test.php
test.php
 
 
test.swf
test.swf
 
 
vhost.conf
vhost.conf
 
 

Repository files navigation

json-csrf

For demonstrating a CSRF attack sending JSON data using Flash.

How to use

docker build -t json-csrf .

docker run -p 8000:80 json-csrf

Now, browse to the following URL, replacing the JSON_DATA with the JSON data that should be sent and the TARGET_ENDPOINT with the endpoint of the vulnerable application:

http://localhost:8000/read.html?jsonData={JSON_DATA}&php_url=http://localhost:8000/test.php&endpoint=TARGET_ENDPOINT

Update: This appears to no longer work in the most recent version of Firefox. Still works in other browsers.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages