© Blueinfy Solutions Pvt. Ltd.
Web 2.0 Tools Usage & Understanding
• Web2Proxy
• Web2Fuzz
AppSecLabs
Web2Proxy
• Objectives
  - Analyzing Web 2.0 streams (XML, JSON, JS-Objects etc.)
  - Running the application through the tools and capturing or trapping those requests
  - Profiling requests and responses
  - Determining entry points and various attributes of the response like hidden fields, login forms etc.
How does it work?
• Start Web2Proxy and define your scan name and listening port
• Set up that port as the proxy in your browser
• Now browse your target application
• Web2Proxy will tunnel all requests and responses and at the same time profile each of them
• You get a nicely profiled view in the application window
Setting a scan
Define new scan
Enter name and listening port address
Set that port in the browser
Start your proxy
Start and stop your proxy and filtering
Use this if you want to trap requests at run time
Profile of application
JSON input and output
XML analysis
XML stream as Output
Fuzzing
• Fuzzing JSON or XML streams
  - Two aspects of fuzzing: injection and response analysis
  - Injecting malicious payloads with different variants, including encodings
  - Analyzing responses coming from the application
  - Both HTTP headers and body may contain clues to possible vulnerabilities
Response Analytics
• Responses can be analyzed along the following three important dimensions
  - Vulnerability signature
  - Structure analysis
  - Application behavior
Web2Fuzz
• Fuzzing tool
  - Pass on a JSON or XML stream to the application
  - Define your load
  - Select your encoding/ency
  - Pass on regex for vulnerability signatures
  - Start fuzzing
  - Do response analysis
Fuzzing Analytics
• The following analysis is supported by the tool
• Signature
  - Using regex patterns
• Structure
  - Checking the page's MD5
• Behavior
  - Size of the stream
  - Response time analysis
Web2Fuzz
Select fuzz load
Select patterns load
All analysis vectors
JSON Fuzzing for SQL
• Here is a simple list of fuzz load
  - '
  - "
  - --
  - #
  - a
  - 1
  - -1
  - 100000000000000000
  - @
  - ?
  - %c0%a7
  - %C0%A2
Look for regex…
• .*?(sqlexception|syntax|error|exception|sql|DB2|Oracle|MySQL|SqlServer|ODBC|OLEDB|exception).*?
Snap…
Snap…
Blind SQL over JSON
• Here is a sample fuzz load
  - "1 OR 1=1"
  - "1 AND 1=1"
  - "a AND 1=0"
  - "1;waitfor delay '0:0:10'"
Analyzing responses
• Here is the output
Response size
Length is large in the OR operation – indicating something
JSON’s MD5
MD5s of the AND operations are different – indicates a possible blind spot
Response time
Delay of 10 seconds – injection is successful…
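The three analytics from the "Fuzzing Analytics" slide (signature regex, MD5 structure check, size and response-time behavior) applied to the blind-SQL fuzz results on the last three slides, as an added example that is not Web2Fuzz's own code. The responses are constructed sample data; the signature regex is the one from the "Look for regex" slide with its duplicate alternative dropped and IGNORECASE added, and the size ratio and delay thresholds are assumed values.

```python
import hashlib
import re
from dataclasses import dataclass
# Signature regex from the "Look for regex" slide; IGNORECASE is an addition.
SIGNATURE_RE = re.compile(
    r"(sqlexception|syntax|error|exception|sql|DB2|Oracle|MySQL|SqlServer|ODBC|OLEDB)",
    re.IGNORECASE,
)
@dataclass
class Response:
    load: str       # fuzz load that produced this response
    body: str       # JSON body as returned by the application
    elapsed: float  # round-trip time in seconds
def md5_of(body: str) -> str:
    return hashlib.md5(body.encode("utf-8")).hexdigest()
def analyze(baseline: Response, fuzzed: list, size_ratio: float = 1.5, delay_s: float = 5.0) -> dict:
    """Map each fuzz load to the analytics that fired: signature (regex hit), structure
    (MD5 differs from baseline), size (body grew by size_ratio), time (slower by delay_s)."""
    base_md5, base_len = md5_of(baseline.body), len(baseline.body)
    findings = {}
    for r in fuzzed:
        flags = []
        if SIGNATURE_RE.search(r.body):
            flags.append("signature")
        if md5_of(r.body) != base_md5:
            flags.append("structure")
        if len(r.body) > base_len * size_ratio:
            flags.append("size")
        if r.elapsed - baseline.elapsed >= delay_s:
            flags.append("time")
        findings[r.load] = flags
    return findings
def blind_hint(true_case: Response, false_case: Response) -> bool:
    """Differing MD5s for the AND 1=1 / AND 1=0 pair are the slide's blind-injection hint."""
    return md5_of(true_case.body) != md5_of(false_case.body)
# Constructed sample responses (assumed values, not captured from any real application).
BASELINE = Response("1", '{"id":1,"user":"alice"}', 0.2)
FUZZED = [
    Response("'", '{"error":"SQL syntax error"}', 0.2),
    Response("1 OR 1=1", '{"users":[{"id":1,"user":"alice"},{"id":2,"user":"bob"},'
                         '{"id":3,"user":"carol"}]}', 0.3),
    Response("1 AND 1=1", '{"id":1,"user":"alice"}', 0.2),
    Response("a AND 1=0", '{"users":[]}', 0.2),
    Response("1;waitfor delay '0:0:10'", '{"id":1,"user":"alice"}', 10.4),
]
def run_sample() -> dict:
    return analyze(BASELINE, FUZZED)
```

Run against the sample, the OR load trips the size and structure checks, the quote trips the signature, the AND pair differs in MD5, and the waitfor load trips only the timing check, which mirrors the three slides above.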
Thanks!
Blueinfy Solutions Pvt. Ltd.
INDIA
8/B Shitalbaug society, Paldi, Ahmedabad 380007
Tel: 91+9879027018
USA
900 S. Cardiff Street, Anaheim, CA 92806
Tel. 714-656-3652
Email: [email protected]