cssInjection
CSS hijacking attack
A method to steal sensitive data by exploiting CSS injection vulnerabilities in websites that allow arbitrary CSS rendering.
Stealing CSRF tokens with CSS injection (without iFrames)
318 stars
15 watching
48 forks
Language: HTML
last commit: almost 7 years ago
Linked from 1 awesome list
Related projects:
Repository | Description | Stars |
---|---|---|
demi6od/smashing_the_browser | An in-depth exploration of browser exploitation techniques and vulnerability discovery | 446 |
dragokas/hijackthis | Scans for and identifies malicious system modifications | 703 |
justinas/nosurf | Protects against Cross-Site Request Forgery (CSRF) attacks in web applications by verifying user input | 1,598 |
marco-prontera/vite-plugin-css-injected-by-js | A Vite plugin that injects CSS into HTML pages using JavaScript | 430 |
heydon/revenge.css | A CSS-based tool that highlights bad HTML markup on web pages | 842 |
pillarjs/understanding-csrf | An explanation of how CSRF attacks work and how to mitigate them in web applications. | 1,401 |
myfavshrimp/turf | A toolchain for compile-time SCSS transformation and CSS injection into binaries | 64 |
fuzzysecurity/sharp-suite | A toolset for threat emulation and code injection using C#. | 1,114 |
directdefense/superserial | A Burp Suite Extender to identify Java Deserialization vulnerabilities in client requests and server responses. | 9 |
nachiketrathod/http.request.smuggling.desync.attack | An attacker exploits HTTP request smuggling to manipulate the sequence of requests and deceive both front-end and back-end security controls. | 14 |
koajs/stateless-csrf | CSRF protection without sessions using cookie hashing | 16 |
leovoel/beautifuldiscord | A tool that injects custom CSS into Discord's desktop application | 698 |
syssec-kaist/sigover_injector | A tool that exploits weaknesses in LTE broadcast signals to inject manipulated signals without an FBS. | 89 |
ah8r/csrf | A tool to scan websites for Cross-Site Request Forgery (CSRF) vulnerabilities and provide protection in Burp Suite Pro. | 19 |
tinyhttp/malibu | Middleware to help prevent cross-site request forgery attacks in web applications | 124 |