Category: Web Exploitation

CORS Exploitation Framework

CORS Exploitation Framework (CEF)

A proof-of-concept tool for conducting distributed exploitation of permissive CORS configurations. Install: Install Redis and Python 3. Clone this repository: git clone https://github.com/lanmaster53/cef.git. Install the dependencies: pip install -r requirements. Set...

Dupe Key Injector

Dupe Key Injector: new XML signature bypass technique

Dupe Key Injector is a Burp Suite extension implementing Dupe Key Confusion, a new XML signature bypass technique presented in the BSides/BlackHat/DEFCON 2019 talk “SSO Wars: The Token Menace”. Dupe Key Confusion...