SirGod

Backslash Powered Scanning: Hunting Unknown Vulnerability Classes


A quality article, as the guys at PortSwigger have gotten us used to. I also recommend the rest of the articles on their blog.

Backslash Powered Scanning: Hunting Unknown Vulnerability Classes

James Kettle - james.kettle@portswigger.net - @albinowax


Abstract


Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures - almost like an anti-virus. In this document, I'll share the conception and development of an alternative approach, capable of finding and confirming both known and unknown classes of injection vulnerabilities. Evolved from classic manual techniques, this approach reaps many of the benefits of manual testing including casual WAF evasion, a tiny network footprint, and flexibility in the face of input filtering. 

True to its heritage, this approach also manages to harness some pitfalls that will be all too familiar to experienced manual testers. I'll share some of the more entertaining findings and lessons learned from unleashing this prototype on a few thousand sites, and release a purpose-built stealthy-scanning toolkit. Finally, I'll show how it can be taken far beyond injection hunting, leaving you with numerous leads for future research.


Outline


- Introduction
- Three Failures of Scanners
  - Rare Technology
  - Variants and Filters
  - Buried Vulnerabilities
- Alternative Approach to Scanning
  - Suspicious Input Transformations
  - Probe-pair Fuzzing
    - Core Logic
    - Types of Mutation
    - Recognising Response Differences
- Hunting Findings
  - Scanning Distributed Systems
  - Sample Results
  - Lessons Learned
- Further Research
  - Enumerable Input Detection
  - Cold-start Bruteforce Attacks
- Conclusion
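Two entries in the outline, "Suspicious Input Transformations" and "Probe-pair Fuzzing" with its "Recognising Response Differences" step, name the mechanism the abstract only alludes to: instead of matching a payload against a signature list, the scanner sends two closely related probes (for instance a lone backslash and an escaped backslash) several times each and asks whether the responses differ on some attribute that is otherwise stable, and it watches the reflected value for signs that an escape sequence was interpreted. The following is an added illustration written for this post, not code from PortSwigger or from the Backslash Powered Scanner extension; the attribute set, the escape-decoding table, the `sample_page` generator and all responses are constructed assumptions, and nothing is sent over the network.

```python
"""Probe-pair response comparison on constructed sample data (no network).

Responses to the same input are compared first, so that per-request noise
(CSRF tokens, timestamps, rotating ads) is discarded before the two probes
are compared with each other.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    """Minimal HTTP response model: status code and decoded body."""
    status: int
    body: str


def attributes(resp: Response) -> dict:
    """Cheap, order-insensitive features of a response. This attribute set is
    an assumption for the example; a real scanner tracks many more."""
    return {
        "status": resp.status,
        "length": len(resp.body),
        "word_count": len(resp.body.split()),
        "line_count": resp.body.count("\n") + 1,
        "tag_count": len(re.findall(r"<[A-Za-z]", resp.body)),
        "mentions_error": bool(
            re.search(r"\b(error|warning|exception)\b", resp.body, re.I)
        ),
    }


def stable_attributes(responses: list) -> dict:
    """Attributes whose value is identical across every response to the same
    input. Anything that varies between identical requests is noise."""
    if not responses:
        return {}
    per_response = [attributes(r) for r in responses]
    first = per_response[0]
    return {k: v for k, v in first.items()
            if all(p[k] == v for p in per_response[1:])}


def consistent_difference(group_a: list, group_b: list) -> list:
    """Attributes that are stable inside both groups but differ between them."""
    a, b = stable_attributes(group_a), stable_attributes(group_b)
    return sorted(k for k in a if k in b and a[k] != b[k])


def classify_probe_pair(baseline: list, probe_a: list, probe_b: list):
    """None when the two probes are indistinguishable; otherwise the differing
    attributes and which probe behaves unlike the baseline value."""
    diff = consistent_difference(probe_a, probe_b)
    if not diff:
        return None
    a_off = bool(consistent_difference(probe_a, baseline))
    b_off = bool(consistent_difference(probe_b, baseline))
    odd = {(True, False): "a", (False, True): "b"}.get((a_off, b_off), "both")
    return {"attributes": diff, "odd_probe": odd}


# Suspicious input transformations: the reflected value reveals that an escape
# sequence was interpreted server-side. The mapping is an assumption.
ESCAPE_DECODINGS = {
    "\\\\": "\\",    # escaped backslash collapsed to a single backslash
    "\\x41": "A",    # hex escape decoded
    "\\u0041": "A",  # unicode escape decoded
}


def input_transformation(sent: str, reflected: str):
    """None if the probe came back verbatim, 'escape interpreted' if it came
    back decoded, 'altered' otherwise. Real tooling wraps the probe in a unique
    marker so that a plain 'A' elsewhere on the page is not matched."""
    if sent in reflected:
        return None
    decoded = ESCAPE_DECODINGS.get(sent)
    if decoded is not None and decoded in reflected:
        return "escape interpreted"
    return "altered"


def sample_page(seed: int, extra: str = "") -> str:
    """Constructed page with per-request noise (token and timestamp) that a
    naive byte-for-byte diff would mistake for a real difference."""
    return ("<html><body><h1>Search</h1><p>Results for your query</p>"
            f"{extra}<input type=hidden name=csrf value=tok{seed:04d}>"
            f"<footer>t={1700000000 + seed}</footer></body></html>")


# Constructed responses: the baseline value and the escaped backslash behave
# identically, while a lone backslash trips a server-side warning.
BASELINE = [Response(200, sample_page(s)) for s in (1, 2, 3)]
PROBE_A = [Response(200, sample_page(s, "<p>Warning: unterminated string</p>"))
           for s in (4, 5, 6)]
PROBE_B = [Response(200, sample_page(s)) for s in (7, 8, 9)]

if __name__ == "__main__":
    print(classify_probe_pair(BASELINE, PROBE_A, PROBE_B))
    print(input_transformation("\\\\", "You searched for \\"))
```

The stability filter is the part that matters: the rotating token and timestamp change the body on every request, so a byte-for-byte diff would report every probe as interesting, while `consistent_difference` only surfaces attributes the server changes consistently between the two probes. That filtering, rather than a long payload list, is also what keeps the request count small.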


Full article: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html
