I <3 Bots!

Thursday, November 30 2006

I'm lazy but I do scan JavaScript

One of the biggest issues with Grabber and AJAX stuff is getting the script names, parameters etc. The best solution is of course to emulate or plug a JavaScript interpreter into the scanner, so you can see which calls are actually made.

But it's hard to do (even if I plan to plug SpiderMonkey into Grabber...)! So I've made a very small JavaScript scanner that tries to get the URLs and the parameters of the scripts.
It seems to work well, even if the list of these "dumb_parameters" is, in my tests, not twice as big as the real list; but it catches everything.

I should be able to say that it will find every server-side script that can be called.

This will be in the next version of Grabber.
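As an added illustration of what such a regex-based JavaScript scanner does (my own sketch, not Grabber's code): it pulls script names out of string literals, collects every `name=` it sees anywhere as a "dumb" parameter, and pairs the two lists up. The sample JavaScript, the script-extension pattern and the parameter pattern are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of the client-side code an AJAX-heavy page ships; not taken
# from any real site. The regexes below are an assumption about what "looks like"
# a server-side script and a parameter, which is all a regex scanner can do.
SAMPLE_JS = r'''
function login(u, p) {
  var xhr = new XMLHttpRequest();
  xhr.open("POST", "/ajax/login.php", true);
  xhr.send("user=" + u + "&pass=" + p);
}
function check(name) {
  req.open("GET", "check_user.php?name=" + encodeURIComponent(name) + "&format=json");
}
var img = "/img/logo.png";
'''

# A quoted string ending in a server-side script extension, with an optional query.
SCRIPT_RE = re.compile(r'''["']([^"'\s]*?\.(?:php|asp|aspx|jsp|cgi|pl)(?:\?[^"']*)?)["']''')
# A parameter name directly followed by '=', introduced by '?', '&' or a quote.
PARAM_RE = re.compile(r'''(?:[?&]|["'])([A-Za-z_][A-Za-z0-9_]*)=''')

def scan_js(js):
    """Return ({script: set of params seen in its own query}, set of all "dumb" params)."""
    scripts = defaultdict(set)
    for m in SCRIPT_RE.finditer(js):
        path, _, query = m.group(1).partition("?")
        params = scripts[path]  # register the script even without a query string
        if query:
            params.update(PARAM_RE.findall("?" + query))
    # Every 'name=' anywhere in the file: over-approximates (the "dumb" list), but
    # that is what catches parameters glued onto the URL by string concatenation.
    dumb_parameters = set(PARAM_RE.findall(js))
    return dict(scripts), dumb_parameters

def candidate_requests(scripts, dumb_parameters):
    """Pair every script with every parameter name seen in the file: the
    over-approximation accepted above so that every callable script gets tested."""
    return {path: sorted(params | dumb_parameters) for path, params in scripts.items()}

if __name__ == "__main__":
    scripts, dumb = scan_js(SAMPLE_JS)
    for path, params in candidate_requests(scripts, dumb).items():
        print(path, params)
```

Anything assembled at runtime (a path built from variables, a parameter name computed in a loop) is invisible to this, which is exactly the gap a real interpreter such as SpiderMonkey would close.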

Tuesday, November 28 2006

Web Apps Scanner pre-release

Just an explanation about Grabber and a pre-release version.

I plan to release it when it's really interesting, but you can already reach its page here: http://rgaucher.info/beta/grabber
You can already download and use it. All comments are welcome...

Monday, November 20 2006

If I had time to dive into...

I would work on the creation of a hybrid/crystal box tool using:

  • PHP-Sat for the static analysis part or a Simple RegEx matcher
  • My own black box tester

Actually, it's quite easy to combine:

# don't care about the false positive rate
if you find something with the static analyser:
    # <=> check for false positives
    test the parameter/address with the black box tester

The result would be a serious decrease in false positives and hopefully an increase in true positives...

Friday, November 17 2006

Tools evaluation state...

For my work in the SAMATE project, on the web application scanner evaluation, I made a website with a variable level of security, because I was totally not satisfied with the Watchfire or SPI Dynamics demo websites.

Then, I started to consider this website as a test suite... The problem is the gap there could be between different types of tools:

  • basic tools (Paros, Pantera, Wapiti etc.)
  • famous commercial ones (WebInspect, AppScan, NTOSpider etc.)

mainly because of the AJAX.

Actually, I use AJAX in different parts of the website, such as the login system, registration and dynamic verification, and I'm sure that if you cannot interpret the JavaScript, you cannot see the vulnerabilities in this code. Maybe the tools can parse some URLs... maybe I have to create another "more classical" website, with only {php,mysql,sessions,cookies}... Wait and see the first results.

Tuesday, November 7 2006

Feet in the Soup

Since I'm working on web application scanners, I've made scripts to automate some vulnerability detection. This work would have been a pain without Beautiful Soup.

This library is simply amazing; here is an example that retrieves every link on a web page:

import urllib
from BeautifulSoup import BeautifulSoup

# fetch the page (Python 2 / BeautifulSoup 3 API, as used at the time)
htmlContent = urllib.urlopen("http://rgaucher.info/").read()
soup = BeautifulSoup(htmlContent)
# only anchors that actually carry an href; otherwise a['href'] raises KeyError
for a in soup.findAll('a', href=True):
    print a['href']

And because it only does HTML/XML parsing, it's quite easy to deal with cookies, proxies etc. on your own (cookielib & urllib)!

Monday, October 30 2006

How to fill a database ?

Because the Internet and its unlimited number of blogs is a nice source of words, I used to crawl the web to fill the Reverse database. So, sorry to:

  • ha.ckers.org (an amazing website!)
  • yaronet.com (for french words)
  • myspace.com ^^

but they were where my scan started.

The crawler is a very simple 100-line Python script; even if it's not the fastest, it's nice enough to be used here.

Wapiti! Piti piti

You: What a sense of humour!
Me: I know

By the way, this post is only here to give a URL: http://wapiti.sourceforge.net This is a quite simple web application scanner. I have to test it for Wednesday (when I'll give a presentation on web application scanners, with demos).

And because I'm glad you're reading these lines, here is a new 'stuff' on the OWASP website (meaning Cool Stuff For Web Developers/Security): Pantera

Sunday, October 29 2006

Special Search Engine

Looking for a password, or reversing a value for md5 or sha1? There is already a service provided by rednoize.com, but it only reverses md5... so, as sha1 is used more and more (since MD5 has some weaknesses).

The idea is to provide a huge database and then start some mining of this database (getting some new collisions?). You can reach this tool here!
