COD-project

Cyber Offense and Defense Project - Università della Calabria

Chosen challenges from PortSwigger:

Client-side - CSRF where token validation depends on request method
Server-side - Blind OS command injection with output redirection
Expert - Exploiting XXE to retrieve data by repurposing a local DTD

Used in scripts:

https://github.com/Textualize/rich
https://github.com/SBoudrias/Inquirer.js
https://github.com/tiangolo/typer

Used in backend:

https://github.com/pallets/flask

To run Flask (in terminal):

1. export FLASK_APP=backend.py
2. export FLASK_ENV=development
3. flask run

You can find a brief explanation of our work here