Here is a list of tools, prototypes, and datasets as part of past/current research projects.
JAW is a hybrid, scalable framework to analyze client-side JavaScript programs for the detection of client-side CSRF vulnerabilities. JAW can also be used to conduct interactive and exploratory analysis of JavaScript code.
[ Home Page ]
[ GitHub ]
[ Paper ]
Black widow is a new data-driven web application scanner that combines three techniques: navigation modeling, graph traversing, and tracking inter-state dependencies.
[ Download code ]
[ Paper ]
We released the scripts, datasets, and trained YOLOv3 models of our work Ad-versarial: Defeating Perceptual Ad-Blocking.
[ GitHub ]
[ Paper ]
Fidelius is a new architecture with a trusted path for user I/O and Web Enclaves, to protect user secrets even if the entire underlying browser and OS are fully controlled by a malicious attacker.
[ Home Page @Stanford ]
[ GitHub ]
[ Paper ]
Deemon detects CSRF in PHP/SQL web applications by combining dynamic analysis with property graphs.
[ GitHub ]
[ Paper ]
Günter tests web applications against Server Side Request (SSR) abuse, including Web Origin Laundering, Server Side Request Forgery (SSRF), and other abuses.
[ GitHub ]
[ Paper ]
jÄk (jAEk) (yet Änother krawler, ja!) is a crawler that uses function hooking and other dynamic analysis techniques to identify JavaScript event function registration in order to explore the attack surface of web applications.
[ GitHub ]
[ Paper ]