Phoenix

Phoenix is an online web tool page for hacking, security, and bug bounty work. It provides tools that can be used for technical analysis and compliance testing. If you have a good idea or additional comments about the tool, please send me (@hahwul) a tweet.


Session Entropy

Sessions:

Session Number of cases:

Session Length:

Words

Lowercase: 26
Lower & Upper Case: 52
Alphanumeric: 36
Alphanumeric & Upper Case: 62
Common ASCII Characters: 30
Diceware Words List: 7,776
English Dictionary Words: 171,000

Result

Value | Description
Entropy | The session ID value must provide at least 64 bits of entropy (if a good PRNG is used, this value is estimated to be half the length of the session ID).
Length | The session ID length must be at least 128 bits (16 bytes).
Count | Count of session patterns

Prefix
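
A batch check that applies the Entropy and Length thresholds above to sampled session IDs, as an added example that is not Phoenix's own code; the hexadecimal alphabet, the printable-ASCII fallback and the function names are assumptions. It strips the prefix shared by all samples before estimating entropy, and the figure it reports is an upper bound that holds only when the generator is a good PRNG.

```javascript
// Added example, not Phoenix's code. Sizes are from the page's table except
// "Hexadecimal" and the printable-ASCII fallback, which are assumptions.
const ALPHABETS = [
  { name: "Hexadecimal (assumed)", size: 16, re: /^[0-9a-f]+$/ },
  { name: "Lowercase", size: 26, re: /^[a-z]+$/ },
  { name: "Alphanumeric", size: 36, re: /^[a-z0-9]+$/ },
  { name: "Lower & Upper Case", size: 52, re: /^[A-Za-z]+$/ },
  { name: "Alphanumeric & Upper Case", size: 62, re: /^[A-Za-z0-9]+$/ },
];

// Longest prefix shared by every sample; fixed bytes contribute no entropy.
function commonPrefix(ids) {
  if (ids.length < 2) return ""; // one sample cannot reveal a fixed prefix
  let p = ids[0];
  for (const id of ids) while (!id.startsWith(p)) p = p.slice(0, -1);
  return p;
}

function auditSessions(ids) {
  if (ids.length === 0) throw new Error("no session samples given");
  const prefix = commonPrefix(ids);
  const variable = ids.map((id) => id.slice(prefix.length));
  // Smallest alphabet that covers every variable part (list is ordered by size).
  const alphabet = ALPHABETS.find((a) => a.re.test(variable.join(""))) ||
    { name: "Printable ASCII (assumed)", size: 95 };
  const varLen = Math.min(...variable.map((v) => v.length));
  // Upper bound: assumes each variable character is uniform and independent.
  const entropyBits = varLen * Math.log2(alphabet.size);
  const lengthBits = Math.min(...ids.map((id) => id.length)) * 8;
  return {
    prefix,
    alphabet: alphabet.name,
    unique: new Set(ids).size,
    entropyBits: Math.round(entropyBits * 10) / 10,
    lengthBits,
    entropyOk: entropyBits >= 64, // page's Entropy threshold
    lengthOk: lengthBits >= 128,  // page's Length threshold (16 bytes)
  };
}

// Constructed samples, not captured from any real application.
const weak = ["sess_4f9a1c20", "sess_4f9a1c21", "sess_4f9a1d07"];
const strong = ["9f86d081884c7d659a2feaa0c55ad015",
  "2c26b46b68ffc68ff99b453c1d304134", "fcde2b2edba56bf408601fb721fe9b5c"];
console.log(auditSessions(weak), auditSessions(strong));
```

With only a few samples a shared prefix can occur by chance, so collect enough IDs for the prefix and duplicate counts to be meaningful.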






[GET] CSRF with <img>

output

[POST] CSRF with <form>

There's a bug. Not yet.

[POST] JSON CSRF with Parameter Padding

output

[POST] JSON CSRF with SWF

output

References

https://www.hahwul.com/2018/08/attack-json-csrf-with-swfactionscript.html
https://www.hahwul.com/2016/07/web-hacking-putdelete-csrfcross-site.html
https://www.hahwul.com/2017/05/web-hacking-parameter-padding-for.html