Sunday, August 2, 2009

MonkeyFist - The Dynamic Request Forgery Attack Tool

What Does It Do?

MonkeyFist is a tool that creates dynamic request forgeries based on cross-domain data leakage. The tool then constructs a payload based on data in the payloads.xml file and sends it to the user's browser. This may include session data bypassing protection mechanisms for Cross-Site Request Forgery.

What is it written in?

It is written in Python which means it is cross platform. Many operating systems already come with Python installed. The only dependency as of now is that lxml
be installed. Currently this is just being used for the fixation payload type.

Download MonkeyFist

No comments: