Skip to content

Deemon is a tool to detect CSRF in web applications. Deemon has been used for the paper "Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs" by G. Pellegrino, M. Johns, S. Koch, M. Backes, and C. Rossow.

master
Go to file
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Deemon Project

This is the code base of Deemon, a tool to detect CSRF in web applications. Deemon is an application-agnostic, automated framework designed to be used by developers and security analysts during the security testing phase of the software development life-cycle. The current version of Deemon supports PHP-based web applications that use MySQL databases.

Deemon has been used for the paper Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs by G. Pellegrino, M. Johns, S. Koch, M. Backes, and C. Rossow.

Bibtex:

@inproceedings{deemon2017,
  title={{\textsc{Deemon}: Detecting CSRF with Dynamic Analysis and Property Graphs}},
  author={Pellegrino, Giancarlo and Johns, Martin and Koch, Simon and Backes, Michael and Rossow, Christian},
  booktitle={{Proceedings of the 2017 ACM Conference on Computer and Communications Security}},
  year={2017},
  organization={ACM}
}

Components

This project consists in a number of tools that are chained in a variety of ways. It also uses a number of existing tools:

  • zumka: Tools to instrument VM (bitnami + vbox only)
  • vilanoo: HTTP/S proxy that intercepts browser requests.
  • mosgi: Server to collect Web Application raw execution traces, session data, and file I/O.
  • rawtrace-analysis: A tool that extracts SQL traces, session data snapshots, and file I/O operations from raw traces of mosgi and vilanoo.
  • dbmanager: The tool create a property graph of the web application. It imports dynamic traces and infers (1) finate-state machines, (2) data-flow models, and (3) data types.
  • testermanager: The tool to generate tests to detect CSRF vulnerabilities
  • csrf-test-runner: The tool to execute tests against a web application

External components

Deemon relies on two external tools:

  • Selenium IDE: (not included in Deemon) Tool to capture user-generated Selenese HTML
  • selenese-runner-java: (included as binary in Deemon) Tool to run Selenese HTML.
  • proxy2: (included in Deemon) HTTP/HTTPS proxy in a single python script.

License

GPL v3

Installation

Requirements and installation of internal component are here. For the external ones, please refer to the documentation of each project.

Note: A standalone .jar file of the interactive selenese-runner is in our repository.

Tutorials

We prepared a quick tutorial to get into the testing for CSRF vulnerabilities right away here as well as a more extensive documentation of each tool involved here.

Authors

  • Giancarlo Pellegrino <gpellegrino[at]cispa.saarland>
  • Simon Koch <s9sikoch[at]stud.uni-saarland.de>
  • Florian Loch
  • Benny Rolle

About

Deemon is a tool to detect CSRF in web applications. Deemon has been used for the paper "Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs" by G. Pellegrino, M. Johns, S. Koch, M. Backes, and C. Rossow.

Topics

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.