A Java Server Faces (JSF) testing tool for decoding view state and creating view state attack vectors.
Java
Latest commit b996359 Dec 7, 2010 Steve Ocepek First commit
Permalink
Failed to load latest commit information.
lib First commit Dec 7, 2010
src First commit Dec 7, 2010
README.txt First commit Dec 7, 2010
build.xml First commit Dec 7, 2010

README.txt

deface
dbyrne@trustwave.com
rsulatycki@trustwave.com
http://www.trustwave.com/spiderlabs

INTRODUCTION
============

DefaceTool is an open-source Java Server Faces(JSF) testing tool for decoding
view state and creating view state attack vectors. The tool can be used to
create XSS attacks and session and application scope attacks against Apache
MyFaces 1.2.8 applications. The tool has been architected to be extensible
and can be modified to support other versions of Apache MyFaces and
Sun Mojarra.

USAGE
=====

DefaceTool is a Java application. Once built, launch the resulting
"defacetool.jar" file using Java.

java -jar defacetool.jar

COPYRIGHT
=========

DefaceTool- A web application security testing tool
Created by David Byrne and Rohini Sulatycki
Copyright (C) 2010 Trustwave Holdings, Inc.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>