<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Tools on Nabil Kara — CTF Writeups</title><link>https://nabilkara.github.io/posts/tools/</link><description>Recent content in Tools on Nabil Kara — CTF Writeups</description><generator>Hugo</generator><language>en</language><lastBuildDate>Tue, 09 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://nabilkara.github.io/posts/tools/index.xml" rel="self" type="application/rss+xml"/><item><title>A ZAP CSTI active scan rule</title><link>https://nabilkara.github.io/posts/tools/csti-zap/</link><pubDate>Tue, 09 Jun 2026 00:00:00 +0000</pubDate><guid>https://nabilkara.github.io/posts/tools/csti-zap/</guid><description>&lt;h2 id="introduction">Introduction&lt;/h2>
&lt;p>I started to work on this project as an intern at Djezzy Optimum Télécom Algérie SPA, under the supervision of Mr. &lt;a href="https://www.linkedin.com/in/abdelkhalek-beraoud-707567245/" target="_blank">Beraoud Abdelkhalek&lt;/a> who was behind the idea and whose invaluable guidance, transformative advice, and remarkable patience supported the work throughout its development.&lt;/p>
&lt;p>The active scan rule described here was built as an alpha rule for ZAP. You can find the code &lt;a href="https://github.com/NabilKara/zap-extensions" target="_blank">here&lt;/a>.&lt;/p>
&lt;h2 id="implementation-basis-the-csti-alert-paper">Implementation Basis: The CSTI-Alert Paper&lt;/h2>
&lt;p>The methodology comes from the &lt;a href="https://www.eurecom.fr/en/publication/8608" target="_blank">paper&lt;/a>: &lt;code>{{alert('CSTI')}}: Large-Scale Detection of Client-Side Template Injection&lt;/code>. The part we are concerned with for this active scan rule is not the large-scale crawling infrastructure itself, but the detection methodology:&lt;/p></description></item></channel></rss>