Exploiting XSS with DefaceTool

DefaceTool is an open-source JavaServer Faces (JSF) testing tool for decoding view state and creating view state attack vectors. The tool can be used to create XSS attacks and session and application scope attacks against Apache MyFaces 1.2.8 applications. The tool has been designed to be extensible and can be modified to support other versions of Apache MyFaces and Sun Mojarra.

USAGE
=====

DefaceTool is a Java application. Once built, launch the resulting
“defacetool.jar” file using Java.

java -jar defacetool.jar

COPYRIGHT
=========

DefaceTool - A web application security testing tool
Created by David Byrne and Rohini Sulatycki
Copyright (C) 2010 Trustwave Holdings, Inc.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>

NJ Ouchn