Web Application Attack and Audit Framework By Prajwal Panchmahalkar
<ul><li>W3af is a well known  web attack and auditing framework . </li></ul><ul><ul><li>Very similar to Metasploit framewo...
<ul><li>Web Service Support  </li></ul><ul><li>Exploits  </li></ul><ul><ul><li>SQL injections(blind) </li></ul></ul><ul><u...
<ul><li>Discovery Plugin </li></ul><ul><ul><li>URLS </li></ul></ul><ul><ul><li>Injection Points  </li></ul></ul><ul><li>Au...
 
 
<ul><li>Find all the URLs  </li></ul><ul><ul><li>Create Fuzzable request </li></ul></ul><ul><li>Plugins: </li></ul><ul><ul...
<ul><li>They  use the discovery plug-in outputs and find their respective vulnerabilities </li></ul><ul><ul><li>SQL Inject...
<ul><li>Grep every HTTP request and response </li></ul><ul><ul><li>findComments </li></ul></ul><ul><ul><li>passwordProfili...
<ul><li>BruteForce </li></ul><ul><ul><li>Bruteforce logins  </li></ul></ul><ul><li>Evasion </li></ul><ul><ul><li>Modify th...
Prajwal Panchmahalkar Team :  Matriux  , n|u   [email_address]
THANKS TO ALL
 
Upcoming SlideShare
Loading in...5
×

w3af

1,387

Published on

w3af by Prajwal Panchmahalkar @ null Hyderabad Meet, August, 2010

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,387
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
54
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

w3af

  1. 1. Web Application Attack and Audit Framework By Prajwal Panchmahalkar
  2. 2. <ul><li>W3af is a well known web attack and auditing framework . </li></ul><ul><ul><li>Very similar to Metasploit framework </li></ul></ul><ul><li>W3af combines all necessary actions for a complete web attack. </li></ul><ul><ul><li>Mapping </li></ul></ul><ul><ul><li>Discovery </li></ul></ul><ul><ul><li>Exploitation </li></ul></ul><ul><li>This puts the framework into three major plug-ins. </li></ul>
  3. 3. <ul><li>Web Service Support </li></ul><ul><li>Exploits </li></ul><ul><ul><li>SQL injections(blind) </li></ul></ul><ul><ul><li>OS commanding </li></ul></ul><ul><ul><li>remote file inclusions </li></ul></ul><ul><ul><li>local file inclusions </li></ul></ul><ul><ul><li>XSS and more </li></ul></ul><ul><li>A good harmony among plug-ins. </li></ul>
  4. 4. <ul><li>Discovery Plugin </li></ul><ul><ul><li>URLS </li></ul></ul><ul><ul><li>Injection Points </li></ul></ul><ul><li>Audit Plugin </li></ul><ul><ul><li>Uses the above injection points </li></ul></ul><ul><ul><li>Sends crafted data to find vulnerabilities </li></ul></ul><ul><li>Exploit Plugin </li></ul><ul><ul><li>Exploits vulnerabilities found </li></ul></ul><ul><ul><li>Provides SQL dumps / remote shell is returned </li></ul></ul>
  5. 7. <ul><li>Find all the URLs </li></ul><ul><ul><li>Create Fuzzable request </li></ul></ul><ul><li>Plugins: </li></ul><ul><ul><li>WebSpider </li></ul></ul><ul><ul><li>URL fuzzer </li></ul></ul><ul><ul><li>Pykto </li></ul></ul><ul><ul><li>GoogleFuzzer </li></ul></ul>
  6. 8. <ul><li>They use the discovery plug-in outputs and find their respective vulnerabilities </li></ul><ul><ul><li>SQL Injection (blind) </li></ul></ul><ul><ul><li>XSS </li></ul></ul><ul><ul><li>Buffer Overflow </li></ul></ul><ul><ul><li>Response Splitting </li></ul></ul>
  7. 9. <ul><li>Grep every HTTP request and response </li></ul><ul><ul><li>findComments </li></ul></ul><ul><ul><li>passwordProfiling </li></ul></ul><ul><ul><li>privateIP </li></ul></ul><ul><ul><li>DirectoryIndexing </li></ul></ul><ul><ul><li>Getmails </li></ul></ul><ul><ul><li>lang </li></ul></ul>
  8. 10. <ul><li>BruteForce </li></ul><ul><ul><li>Bruteforce logins </li></ul></ul><ul><li>Evasion </li></ul><ul><ul><li>Modify the request to evade IDS detection </li></ul></ul><ul><li>Mangle </li></ul><ul><ul><li>Modify requests/responses based on regular expressions. </li></ul></ul><ul><li>Output </li></ul><ul><ul><li>Write logs . </li></ul></ul>
  9. 11. Prajwal Panchmahalkar Team : Matriux , n|u [email_address]
  10. 12. THANKS TO ALL
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×