Application fuzzing

This preso covers application layer fuzzing.

Published in: Technology

  1. Application Layer Fuzzing
  2. Attacker's approach
     • Fuzzing over HTTP
     • Injecting faults with various sets of payloads
     • Trying to raise an exception
     • The exception message is thrown back as part of the HTTP response
     • Scanning the response for signatures
     • If a signature is found, it becomes an interesting entry for exploitation
  3. Possible Leaks
     • Errors can reveal information about the technology stack and its weaknesses. In some cases an error helps in fingerprinting the web and application servers running behind the target application.
     • Internal IP addresses and the network's architecture layout.
     • Intranet applications and their setups.
     • Type of backend database and its connection information.
     • Internal folders and the application's file system layout.
     • Usernames, the authentication mechanism and related disclosures.
     • Hidden paths and folders that help in retrieving several other files and internal database information.
     • Error codes and other relevant information that help an attacker analyze the possible cause.
  4. Root cause
     • Deployment cause: The application runs on a technology stack that involves a web server, application servers, plugins and handlers, a database server, etc. If these components are not configured properly or have an inherent vulnerability, this can lead to information disclosure.
     • Source code cause: If the application source code does not follow best practices for error or exception handling, it ends up leaking information to the end client as part of the business logic. This information can help in detecting a vulnerability or end up sharing internal logic information.
  5. Error handlers [diagram: Web Server, Application Server, Source Code, Database/Auth/Backend; HTTP Request, HTTP Response, Error Messages]
  6. File not found errors
     • HTTP 404 - not found [screenshot annotations: server id]
  7. Internal server errors
     • HTTP 500 error messages: nature of error revealed in error code
  8. PHP error example
     • Attempting to read a file which does not exist: Internal path disclosed.
  9. Application error message example
     • Attempting to place an order that already exists: Internal path disclosed.
  10. MySQL error example
     • Generated from a failed PHP MySQL query: Possible SQL injection point uncovered.
  11. MS-SQL error example
     • Generated from a failed ASP MS-SQL query: Possible SQL injection point uncovered.
  12. Tools & Conclusion
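
The signature scan from slide 2 can be turned on your own application's responses, for example in a test suite or an outbound response filter, to catch the leaks shown in slides 6 to 11 before they reach a client. The sketch below is an added example, not part of the original deck; the category names, regexes and sample responses are constructed assumptions based on common default error texts.

```python
import re

TAG = re.compile(r"<[^>]+>")  # strip markup so HTML-formatted errors still match

# Assumed signatures, one per leak category discussed in the slides.
SIGNATURES = {
    "server_banner": re.compile(r"\b(?:Apache|nginx|Microsoft-IIS)/\d[\d.]*"),
    "php_internal_path": re.compile(
        r"(?:Warning|Notice|Fatal error):\s+.+? in (\S+) on line \d+"),
    "mysql_error": re.compile(r"You have an error in your SQL syntax|mysql_\w+\(\)"),
    "mssql_error": re.compile(
        r"Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark"),
    "internal_ip": re.compile(
        r"\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}"
        r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b"),
}

def find_leaks(headers, body):
    """Return {category: leaked text} for each signature found in a response."""
    text = TAG.sub("", body)
    haystack = "\n".join(f"{k}: {v}" for k, v in headers.items()) + "\n" + text
    found = {}
    for name, rx in SIGNATURES.items():
        m = rx.search(haystack)
        if m:
            # Report the captured detail (e.g. the path) when the regex has a group.
            found[name] = m.group(m.lastindex or 0)
    return found

# Constructed sample responses: (headers, body).
SAMPLES = {
    "404": ({"Server": "Apache/2.2.3 (CentOS)"},
            "<h1>Not Found</h1><address>Apache/2.2.3 (CentOS) Server at shop.example Port 80</address>"),
    "php": ({}, "<b>Warning</b>:  fopen(report.txt): failed to open stream: "
                "No such file or directory in <b>/var/www/shop/read.php</b> on line <b>12</b>"),
    "mysql": ({}, "You have an error in your SQL syntax; check the manual that "
                  "corresponds to your MySQL server version"),
    "mssql": ({}, "Microsoft OLE DB Provider for SQL Server error '80040e14' "
                  "Unclosed quotation mark after the character string ''. /order.asp, line 22"),
    "clean": ({"Server": "web"}, "<h1>Something went wrong</h1><p>Reference: 7f3a</p>"),
}

if __name__ == "__main__":
    for label, (headers, body) in SAMPLES.items():
        print(label, find_leaks(headers, body) or "no leak signatures")
```

The "clean" sample shows the target state: a generic message with a reference the operator can look up in server-side logs, and no stack detail in the response.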
