W3af – Web application attack and audit framework


W3af is a complete environment for auditing and attacking web
applications. This environment provides a solid platform for
auditing and penetration testing. It is a Python application.
It is compatible with sites that use embedded objects, like
Macromedia Flash and Java applets.


The framework has three types of plugins: discovery, audit and
attack.

Discovery plugins have only one responsibility, finding new
URLs, forms, and other “injection points”.

Audit plugins take the injection points found by discovery
plugins and send specially crafted data to all of them in order
to find vulnerabilities.

The objective of attack plugins is to exploit vulnerabilities found
by audit plugins. They usually return a shell on the remote server,
or a dump of remote tables in the case of SQL injection exploits.


W3af has two user interfaces, the console user interface
(consoleUI) and the graphical user interface (gtkUi). This user
guide will focus on the consoleUI, which is more fully tested and
complete than the gtkUi. To fire up the consoleUI you just have
to execute w3af without parameters and you will get a prompt
like this one:

     $ ./w3af_console
     w3af>>>

The framework also has a graphical user interface (gtkUi), which is
started with its own launcher.

The graphical user interface allows you to perform all the
actions that the framework offers and features a much easier
and faster way to start a scan and analyze the results (see
screenshot 1).


The three core types of plugins are discovery, audit and exploit.
The complete list of plugin types is:

  • Discovery: find new points of injection.
  • Audit: find vulnerabilities.
  • Grep: analyze all page content and find vulnerabilities on
    pages that are requested by other plugins.
  • Exploit: use the vulnerabilities found in the audit phase
    and return something useful to the user (remote shell,
    SQL table dump, a proxy, etc.).
  • Output: the way the framework and the plugins communicate
    with the user. Output plugins save the data to a text or
    HTML file. Debugging information is also sent to the output
    plugins and can be saved for analysis.
  • Mangle: allows modification of requests and responses based
    on regular expressions; think “sed (stream editor) for the
    web”.
  • Bruteforce: these plugins will bruteforce logins. They are
    part of the discovery phase.
  • Evasion: evasion plugins try to evade simple intrusion
    detection rules.
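To make the discovery / audit / grep split concrete, here is an added example (not w3af's own code) of the same pipeline in Python: a constructed in-memory target stands in for the site, a discovery plugin finds query and form parameters, an audit plugin injects a harmless marker to detect reflected input, and a grep plugin inspects every response for leftover HTML comments. All function names and the sample pages are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urljoin, urlsplit, urlunsplit

# Constructed stand-in for a target site (not a real application):
# /search echoes the "q" parameter unescaped, /login serves a form and
# carries a developer comment that should not have shipped.
def fake_app(url):
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    if parts.path == "/search":
        return f"<html><body>Results for {params.get('q', '')}</body></html>"
    if parts.path == "/login":
        return ("<html><!-- TODO: remove /debug endpoint before release -->"
                '<form action="/login" method="get">'
                '<input name="user"><input name="pw" type="password">'
                "</form></html>")
    return "<html><body>home</body></html>"

class FormFinder(HTMLParser):
    """Collects the action and input names of the first form on a page."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action") or ""
        elif tag == "input" and a.get("name"):
            self.fields.append(a["name"])

def discovery(send, url):
    """Discovery plugin: only finds injection points, as (url, param) pairs."""
    points = [(url, name) for name, _ in parse_qsl(urlsplit(url).query)]
    finder = FormFinder()
    finder.feed(send(url))
    if finder.action is not None:
        target = urljoin(url, finder.action)
        points += [(target, name) for name in finder.fields]
    return points

MARKER = "w3afmark9x"  # harmless token that is unlikely to occur naturally

def audit_reflection(send, points):
    """Audit plugin: sends the marker to each point, reports verbatim echoes."""
    findings = []
    for url, param in points:
        parts = urlsplit(url)
        query = dict(parse_qsl(parts.query))
        query[param] = MARKER
        body = send(urlunsplit(parts._replace(query=urlencode(query))))
        if MARKER in body:
            findings.append(("reflected-input", url, param))
    return findings

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)

def grep_html_comments(url, body):
    """Grep plugin: inspects every response that any other plugin fetched."""
    return [("html-comment", url, c.strip()) for c in COMMENT_RE.findall(body)]

def run_scan(app, seed):
    """Framework core: wraps the HTTP layer so grep plugins see every
    response, then runs discovery and audit. Returns (points, findings)."""
    findings = []

    def send(url):
        body = app(url)
        for finding in grep_html_comments(url, body):
            if finding not in findings:  # the same page is fetched repeatedly
                findings.append(finding)
        return body

    points = discovery(send, seed)
    findings.extend(audit_reflection(send, points))
    return points, findings
```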

Key features:

The following feature (the w3afAgent) allows you to create a reverse
tunnel that will route TCP connections through the compromised
server. Unlike the virtual daemon, this feature is ready to use
and doesn't require any other software. Before going through an
example to see how to use this feature, we will summarize the
steps that happen during exploitation.

  • w3af finds a vulnerability that allows remote command
    execution.
  • The user exploits the vulnerability and starts the
    w3afAgent.
  • w3af performs an extrusion scan by sending a small
    executable to the remote server. This executable
    connects back to w3af and allows the framework to
    identify outgoing firewall rules on the remote network.
  • W3afAgent Manager will send a w3afAgentClient to the
    remote server. The process of uploading the file to the
    remote server depends on the remote operating system,
    the privileges of the user running w3af and the local
    operating system; but in most cases the following happens:
      o w3af reuses the information from the first extrusion
        scan, which was performed in step 3, in order to know
        which port it can use to listen for connections from
        the compromised server.
      o If a TCP port is found to be allowed in the remote
        firewall, w3af will try to run a server on that port
        and make a reverse connection from the compromised
        server in order to download the generated PE/ELF file.
        If no TCP ports are enabled, w3af will send the ELF/PE
        file to the remote server using several calls to the
        “echo” command, which is rather slow, but should always
        work because it's an in-band transfer method.
  • W3afAgent Manager starts the w3afAgentServer, which will
    bind on localhost:1080 (which will be used by the w3af
    user) and on the interface configured in w3af
    (misc-settings->interface) on the port discovered during
    step 3.
  • The w3afAgentClient connects back to the w3afAgentServer,
    successfully creating the tunnel.
  • The user configures the proxy listening on localhost:1080
    in his preferred software.
  • When the program connects to the SOCKS proxy, all outgoing
    connections are routed through the compromised server.

  • Authentication
  • Authorization
  • User management and fuzzy request for manual penetration
    testing.
  • Session management and compare.
  • Data validation, including all common attacks such as
    SQL Injection, Cross Site Scripting, Command Injection and
    Client Side Validation.
  • Error handling and exception management.
  • Auditing and logging.



Log: the log is normally a large quantity of text; you can enable
and disable the different types of messages using the
checkboxes in the log bar. Note that these different types have
different colors in the text itself. In the same bar you have a
Search button, which enables the search functionality
(explained in detail below).

  • Graphical representation of vulnerabilities.
  • Counts of vulnerabilities are displayed during scanning.

Results:
  • Shows which parameters are passed in the URL and displays
    detailed information.
  • Request and response information is displayed.
  • Shows vulnerabilities in a color-coded representation.
  • Exploitation.
