Deemon is a tool to detect CSRF in web applications. Deemon has been used for the paper "Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs" by G. Pellegrino, M. Johns, S. Koch, M. Backes, and C. Rossow.

tgianko/deemon

Deemon Project

This is the code base of Deemon, a tool to detect CSRF in web applications. Deemon is an application-agnostic, automated framework designed to be used by developers and security analysts during the security testing phase of the software development life-cycle. The current version of Deemon supports PHP-based web applications that use MySQL databases.

Deemon has been used for the paper Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs by G. Pellegrino, M. Johns, S. Koch, M. Backes, and C. Rossow.

Bibtex:

@inproceedings{deemon2017,
  title={{\textsc{Deemon}: Detecting CSRF with Dynamic Analysis and Property Graphs}},
  author={Pellegrino, Giancarlo and Johns, Martin and Koch, Simon and Backes, Michael and Rossow, Christian},
  booktitle={{Proceedings of the 2017 ACM Conference on Computer and Communications Security}},
  year={2017},
  organization={ACM}
}

Components

This project consists of a number of tools that are chained together in a variety of ways. It also builds on a number of existing tools:

  • zumka: Tools to instrument the target VM (Bitnami images running on VirtualBox only)
  • vilanoo: HTTP/S proxy that intercepts browser requests.
  • mosgi: Server to collect Web Application raw execution traces, session data, and file I/O.
  • rawtrace-analysis: A tool that extracts SQL traces, session data snapshots, and file I/O operations from raw traces of mosgi and vilanoo.
  • dbmanager: The tool that creates the property graph of the web application. It imports the dynamic traces and infers (1) finite-state machines, (2) data-flow models, and (3) data types.
  • testermanager: The tool that generates tests to detect CSRF vulnerabilities
  • csrf-test-runner: The tool that executes the generated tests against the web application
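The components above form one pipeline: captured requests and the SQL/session traces recorded while the server handled them are combined into a graph, from which state-changing requests and the parameters that behave like anti-CSRF tokens are inferred, and only then are tests generated. The following is an added, self-contained illustration of that idea in Python; it is not Deemon's code and does not use Deemon's data formats. The traces, endpoints, session values and the `Trace` class are constructed for the example, and the inference rules (a request is state-changing if its SQL trace contains a write; a parameter is a token if its value flows from the server-side session and differs in every observed session) are a deliberately simplified stand-in for the property-graph analysis described above.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl

# Statements that modify persistent state. A request whose SQL trace contains
# one of these is "state-changing" and therefore a potential CSRF target.
STATE_CHANGING_SQL = re.compile(r"^\s*(INSERT|UPDATE|DELETE|REPLACE)\b", re.I)


@dataclass(frozen=True)
class Trace:
    """One captured request plus what the server did while handling it.
    Constructed stand-in for the proxy + server-side traces; not Deemon's format."""
    session_id: str   # which user session produced the request
    method: str
    path: str
    body: str         # application/x-www-form-urlencoded request body
    sql: tuple        # SQL statements the server executed for this request
    session: dict     # server-side session snapshot at the time of the request


def is_state_changing(t: Trace) -> bool:
    return any(STATE_CHANGING_SQL.match(q) for q in t.sql)


def form_params(t: Trace) -> dict:
    return dict(parse_qsl(t.body, keep_blank_values=True))


def session_bound_params(t: Trace) -> set:
    """Data-flow edge 'session value -> request parameter': the parameter value
    is identical to a value stored in the server-side session snapshot."""
    sess_values = {str(v) for v in t.session.values()}
    return {k for k, v in form_params(t).items() if v and v in sess_values}


def token_params(traces) -> dict:
    """Per (METHOD, path), infer parameters that behave like anti-CSRF tokens:
    session-bound in every trace AND taking a distinct value per session.
    A session-bound value shared by all sessions (e.g. role=user) is not a
    token, since an attacker could simply hardcode it in the forged request.
    If only one session was observed, uniqueness cannot be checked and the
    session-bound candidates are kept (conservative: fewer false alarms)."""
    by_endpoint = {}
    for t in traces:
        by_endpoint.setdefault((t.method.upper(), t.path), []).append(t)
    result = {}
    for endpoint, ts in by_endpoint.items():
        candidates = set.intersection(*(session_bound_params(t) for t in ts))
        sessions = {t.session_id for t in ts}
        if len(sessions) < 2:
            result[endpoint] = candidates
            continue
        tokens = set()
        for name in candidates:
            values = {form_params(t)[name] for t in ts}
            if len(values) == len(sessions):      # one distinct value per session
                tokens.add(name)
        result[endpoint] = tokens
    return result


def csrf_candidates(traces) -> list:
    """State-changing POST endpoints with no inferred token: the requests a test
    generator would turn into cross-origin replay tests."""
    tokens = token_params(traces)
    found = []
    for endpoint, names in tokens.items():
        ts = [t for t in traces if (t.method.upper(), t.path) == endpoint]
        if endpoint[0] == "POST" and any(map(is_state_changing, ts)) and not names:
            found.append(endpoint)
    return sorted(found)


# Constructed traces from two independent user sessions (A: alice, B: bob).
SESSION_A = {"uid": "7", "role": "user", "csrf": "9c1e4b7f2a"}
SESSION_B = {"uid": "12", "role": "user", "csrf": "d04a8e33b1"}
TRACES = [
    Trace("A", "GET", "/profile", "", ("SELECT name FROM users WHERE id=7",), SESSION_A),
    Trace("A", "POST", "/profile/update", "name=Alice&role=user&csrf=9c1e4b7f2a",
          ("UPDATE users SET name='Alice' WHERE id=7",), SESSION_A),
    Trace("A", "POST", "/comments/add", "post=3&text=hi",
          ("INSERT INTO comments (post_id, author, body) VALUES (3, 7, 'hi')",), SESSION_A),
    Trace("B", "GET", "/profile", "", ("SELECT name FROM users WHERE id=12",), SESSION_B),
    Trace("B", "POST", "/profile/update", "name=Bob&role=user&csrf=d04a8e33b1",
          ("UPDATE users SET name='Bob' WHERE id=12",), SESSION_B),
    Trace("B", "POST", "/comments/add", "post=5&text=yo",
          ("INSERT INTO comments (post_id, author, body) VALUES (5, 12, 'yo')",), SESSION_B),
]

if __name__ == "__main__":
    for ep, names in token_params(TRACES).items():
        print(ep, "tokens:", names or "-")
    print("CSRF candidates:", csrf_candidates(TRACES))
```

In the constructed data, `/profile/update` is protected (its `csrf` parameter is session-bound and differs between the two sessions, while `role` is session-bound but constant and is correctly rejected), `/comments/add` writes to the database with no token and is reported, and `GET /profile` only reads and is ignored. The value-equality rule is the weakest form of data-flow inference: a per-user identifier such as `uid` sent as a form field would also pass both checks without being a secret, so a real analysis needs further distinctions, and a reported candidate still has to be confirmed by actually replaying the request from a foreign origin, which is the job of the test runner rather than of this inference step.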

External components

Deemon relies on three external tools:

  • Selenium IDE: (not included in Deemon) Tool to capture user-generated Selenese HTML
  • selenese-runner-java: (included as binary in Deemon) Tool to run Selenese HTML.
  • proxy2: (included in Deemon) HTTP/HTTPS proxy in a single python script.

License

GPL v3

Installation

Requirements and installation instructions for the internal components are here. For the external ones, please refer to the documentation of each project.

Note: A standalone .jar file of the interactive selenese-runner is in our repository.

Tutorials

We prepared a quick tutorial to get started with testing for CSRF vulnerabilities right away here, as well as more extensive documentation of each tool involved here.

Authors

  • Giancarlo Pellegrino <gpellegrino[at]cispa.saarland>
  • Simon Koch <s9sikoch[at]stud.uni-saarland.de>
  • Florian Loch
  • Benny Rolle
