Skip to content
/ CMRFScanner Public

This is the repository for the paper "Cross Miniapp Request Forgery"

17 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

OSUSecLab/CMRFScanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
__pycache__
__pycache__
 
 
node_modules
node_modules
 
 
out
out
 
 
pdg_js
pdg_js
 
 
testcase
testcase
 
 
unusedscripts
unusedscripts
 
 
MiniLyzer-master.py
MiniLyzer-master.py
 
 
MiniLyzer-slave.py
MiniLyzer-slave.py
 
 
PDG-AIAPI.js
PDG-AIAPI.js
 
 
PDG-naviback-baidu.js
PDG-naviback-baidu.js
 
 
PDG.js
PDG.js
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
backup-unpack_extension.py
backup-unpack_extension.py
 
 
browser_api.py
browser_api.py
 
 
checkCondition.js
checkCondition.js
 
 
check_permissions.py
check_permissions.py
 
 
chrome_api.py
chrome_api.py
 
 
danger_analysis.py
danger_analysis.py
 
 
display_extension.py
display_extension.py
 
 
doublex.py
doublex.py
 
 
extension_communication.py
extension_communication.py
 
 
find_all_unchecked.py
find_all_unchecked.py
 
 
find_vuln.py
find_vuln.py
 
 
find_vuln_baidu.py
find_vuln_baidu.py
 
 
get-pip.py
get-pip.py
 
 
get_pdg.py
get_pdg.py
 
 
handle_messages.py
handle_messages.py
 
 
main.py
main.py
 
 
messages.py
messages.py
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
readFile.js
readFile.js
 
 
sample.py
sample.py
 
 
unpack-wxapkg.py
unpack-wxapkg.py
 
 
utility.py
utility.py
 
 
vulnerability_detection.py
vulnerability_detection.py
 
 
wa_communication.py
wa_communication.py
 
 

Repository files navigation

CMRFScanner

This is the repository for the paper CCS 2022 "Cross Miniapp Request Forgery"

To try out the tool:

Unpack the .wxapkg file with unpack-wxapkg.py

Run the find_vuln.py.

Running example

Use the .wxapkg in out/ folder as an example:

First unpack the miniapp:

python3 unpack-wxapkg.py out/wx47d72b584b36b68f.wxapkg

Then run:

python3 main.py

The path to the unpacked folder is specified in the main.py.

Citacion

  @inproceedings{yang2022cross,
    title={Cross Miniapp Request Forgery: Root Causes, Attacks, and Vulnerability Detection},
    author={Yang, Yuqing and Zhang, Yue and Lin, Zhiqiang},
    booktitle={Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security},
    pages={3079--3092},
    year={2022}
  }

About

This is the repository for the paper "Cross Miniapp Request Forgery"

Resources

Readme
Activity
Custom properties

Stars

17 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages