Ricardo Martin Rodriguez - Formshaker
This presentation was held at the #Hacktivity2023 IT security conference on 5th October 2023.
Formshaker is a JS lib that runs in browsers and acts as a proxy, establishing a bridge between a website's functionality and attackers. Its purpose is to maximize the attacker's capabilities when exploiting XSS. Formshaker is a project that a friend of mine and I initiated in 2018. It consists of a web application (C&C) and a JS library. The JS library operates in two modes: C&C dependent and standalone.
From a technical standpoint, the tool's purpose is to crawl a website, collect its HTML forms, and provide an attacker with visibility into the forms available on the website where the JS library is active. This allows the attacker, through the C&C, to view, modify, and submit the forms via the JS library within the context of the victim's session.
On the other hand, the standalone version of the tool is self-contained. It includes all the necessary information within the JS code to populate form inputs and make decisions to automatically submit forms with preconfigured data. It's important to note that this mode operates independently and does not interact with the C&C.
An intriguing scenario occurs when you, as an attacker, inject the JS agent into the victim's browser, particularly if that person possesses admin privileges. In such a case, the JS library would identify the user creation form, fill its inputs with predetermined values (such as the attacker's email and password), and proceed to create a user.
#HACKTIVITY is the biggest event of its kind in Central & Eastern Europe. About 1000 visitors come from all around the globe every year to learn more about the latest trends in cybersecurity, get inspired by people with similar interests and develop themselves via comprehensive workshops and training sessions.
www.hacktivity...
#cybersecurity #formshaker