cssInjection

CSS hijacking attack

A method to steal sensitive data by exploiting CSS injection vulnerabilities in websites that allow arbitrary CSS rendering.

Stealing CSRF tokens with CSS injection (without iFrames)

GitHub

318 stars
15 watching
48 forks
Language: HTML
last commit: almost 7 years ago
Linked from 1 awesome list


Backlinks from these awesome lists:

Related projects:

Repository Description Stars
demi6od/smashing_the_browser An in-depth exploration of browser exploitation techniques and vulnerability discovery 446
dragokas/hijackthis Scans for and identifies malicious system modifications 703
justinas/nosurf Protects against Cross-Site Request Forgery (CSRF) attacks in web applications by verifying user input 1,598
marco-prontera/vite-plugin-css-injected-by-js A Vite plugin that injects CSS into HTML pages using JavaScript 430
heydon/revenge.css A CSS-based tool that highlights bad HTML markup on web pages 842
pillarjs/understanding-csrf An explanation of how CSRF attacks work and how to mitigate them in web applications. 1,401
myfavshrimp/turf A toolchain for compile-time SCSS transformation and CSS injection into binaries 64
fuzzysecurity/sharp-suite A toolset for threat emulation and code injection using C#. 1,114
directdefense/superserial A Burp Suite Extender to identify Java Deserialization vulnerabilities in client requests and server responses. 9
nachiketrathod/http.request.smuggling.desync.attack An attacker exploits HTTP request smuggling to manipulate the sequence of requests and deceive both front-end and back-end security controls. 14
koajs/stateless-csrf CSRF protection without sessions using cookie hashing 16
leovoel/beautifuldiscord A tool that injects custom CSS into Discord's desktop application 698
syssec-kaist/sigover_injector A tool that exploits weaknesses in LTE broadcast signals to inject manipulated signals without an FBS. 89
ah8r/csrf A tool to scan websites for Cross-Site Request Forgery (CSRF) vulnerabilities and provide protection in Burp Suite Pro. 19
tinyhttp/malibu Middleware to help prevent cross-site request forgery attacks in web applications 124