Comments on: Webscarab Tutorial Part 3 (fuzzing) http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/ Wed, 16 May 2012 13:17:56 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Kiran DJ http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-1262 Kiran DJ Wed, 02 May 2012 06:25:55 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-1262 Hi Travis, Many thanks for your informative posts, While working on my project instead of fuzzer i used XSS/CRLF functionality available in webscarab, the difference that i found was In fuzzer you have to select the attack vectors against the listed parameters one at a time, so if in case of 5 different parameters you have to repeat the fuzzing task 5 times (This reply is purely according to my experience, i welcome if someone found a nice method to do it) Assume that particular URL methods are vulnerable to XSS/CRLF attacks then I bet, that particular URL will be picked up by the XSS/CRLF section, the beauty of this method is assume that you have five parameters, you just have to update "Edit Test Strings" (add some more attack vectors, one below one) and click on Check button, all parameters will be auto injected and you will find the response. Here no need to inject parameter by parameter as it in case of fuzzer. If you are already updated this feature somewhere else then that's awesome, or else I request you to update it. Correct me if I am wrong Note: If parameters are vulnerable then you will definitely get a response or else there will be no response. Hi Travis,

Many thanks for your informative posts,

While working on my project instead of fuzzer i used XSS/CRLF functionality available in webscarab, the difference that i found was

In fuzzer you have to select the attack vectors against the listed parameters one at a time, so if in case of 5 different parameters you have to repeat the fuzzing task 5 times (This reply is purely according to my experience, i welcome if someone found a nice method to do it)

Assume that particular URL methods are vulnerable to XSS/CRLF attacks then I bet, that particular URL will be picked up by the XSS/CRLF section, the beauty of this method is
assume that you have five parameters, you just have to update “Edit Test Strings” (add some more attack vectors, one below one) and click on Check button, all parameters will be auto injected and you will find the response.

Here no need to inject parameter by parameter as it in case of fuzzer.

If you are already updated this feature somewhere else then that’s awesome, or else I request you to update it.

Correct me if I am wrong

Note: If parameters are vulnerable then you will definitely get a response or else there will be no response.

]]> By: MAFRI http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-993 MAFRI Wed, 05 Oct 2011 22:22:42 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-993 <strong>mafri...</strong> [...]» Blog Archive » Webscarab Tutorial Part 3 (fuzzing)[...]... mafri…

[...]» Blog Archive » Webscarab Tutorial Part 3 (fuzzing)[...]…

]]> By: KiranKumar Pedda http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-745 KiranKumar Pedda Fri, 04 Dec 2009 03:46:15 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-745 This site rocks... This site rocks…

]]> By: Mohamed http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-715 Mohamed Tue, 20 Oct 2009 10:57:17 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-715 Thank you Travis Thank you Travis

]]> By: travis http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-714 travis Mon, 19 Oct 2009 11:07:38 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-714 mohamed, not all web applications use the "location" field in their headers. it just so happens the example i used does. when looking to see if the sql injection was successful it's better to look in the body of the response (aka the very bottom pane in webscarab). if you see any errors or something that looks out of place then you may be able to perform sql injection. it's not an exact science but be on the look out for a response that is abnormal. does that answer your question? mohamed,

not all web applications use the “location” field in their headers. it just so happens the example i used does. when looking to see if the sql injection was successful it’s better to look in the body of the response (aka the very bottom pane in webscarab). if you see any errors or something that looks out of place then you may be able to perform sql injection. it’s not an exact science but be on the look out for a response that is abnormal. does that answer your question?

]]> By: Mohamed http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-713 Mohamed Mon, 19 Oct 2009 09:39:51 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-713 I added sql dictionary and started scanning then I went to conversations to check if the expression will take me to another page, I didn't found "Location" :( I added sql dictionary and started scanning then I went to conversations to check if the expression will take me to another page, I didn’t found “Location” :(

]]> By: travis http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-712 travis Mon, 19 Oct 2009 08:27:34 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-712 mohamed, are you saying there's no "location" in the header of the response? mohamed,

are you saying there’s no “location” in the header of the response?

]]> By: Mohamed http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-709 Mohamed Sun, 18 Oct 2009 15:24:59 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-709 Hi Travis I work on OWASP livecd Austin terrier Feb2009. When I tried webscarab as a sql scanner I didn't found the entry of Location please replay ASAP thanks in advance Hi Travis
I work on OWASP livecd Austin terrier Feb2009. When I tried webscarab as a sql scanner I didn’t found the entry of Location
please replay ASAP
thanks in advance

]]> By: Harjeet http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-655 Harjeet Tue, 09 Jun 2009 14:37:01 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-655 Hi Travis I am not getting any pop up window on security certificate for my application. Even though I clicked Intercept botton ON/OFF.Can you pls tell me wat to do? Thanks Harjeet Hi Travis

I am not getting any pop up window on security certificate for my application. Even though I clicked Intercept botton ON/OFF.Can you pls tell me wat to do?

Thanks
Harjeet

]]> By: travis http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-654 travis Tue, 09 Jun 2009 13:22:06 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-654 harjeet, that's somewhat of a general error but the first error is complaining about ssl, have you accepted the certificate so that webscarab can man in the middle the ssl traffic? you should click yes / accept to this certificate. below is a screen shot link to accepting a certificate. http://www.dental.ufl.edu/IT/images/netstorage_accept_cert.jpg harjeet,

that’s somewhat of a general error but the first error is complaining about ssl, have you accepted the certificate so that webscarab can man in the middle the ssl traffic? you should click yes / accept to this certificate. below is a screen shot link to accepting a certificate.

http://www.dental.ufl.edu/IT/images/netstorage_accept_cert.jpg

]]>