Rawkcy/CSRF
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
ECE458 FINAL PROJECT ==================== Faycebook Protection -------------------- 1. Session token is generated and stored on extension activation. 2. Extension script runs on all pages, look for forms with `method="POST"` attribute, adds an `onsubmit` event. 3. When form is submited, script looks for field `__sessionToken`. 4. Reject if token value is NULL or does not equal current session. App Login --------- Username: rawkcy Password: wtfECE458 SETUP ----- Firstly, in terminal git clone https://github.com/Rawkcy/CSRF.git flask-app/bin/python CSRF.py Secondly, in browser load `localhost:5000/faycebook` login with credentials Lastly, attack load 'attack/badform.html' in browser Finally, protect load and activate extension/ load 'attack/badform.html' in browser BOOM, REJECTED! Ze Stack Dou ------------ - Python/Flask - Flask if a microframework for quickly creating Python web applications - Stormpath - online user login hosting service for Flask applications - Chrome Extension - content_script.js (injects code into DOM) - popup.js - background.js CREDITS ------- https://stormpath.com/blog/build-a-flask-app-in-30-minutes/ Twitter Bootstrap
About
ECE458 final project
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published