Web Hacking Tester. What do you look for?
When analyzing the security of a website, what type of code or situations do you look for? I'm working on a project that will scan a website and point out areas that might be problematic, security-wise.
This isn't going to be some 'point and hack' thing, more of a tool for new admins to quickly analyze the security of a site they're taking over.
Any help here would be appreciated.
digitalchameleon wrote: Thanks nick. Now it's just a matter of figuring out how to get my program to recognize these types of things. Tricky part is I'm looking over webpages, not source code. Any suggestions?
Gonna take a good bit of regex most likely, unless you can find another way to do it. Ask someone that's done something like it before; I think it's crackerjack at EG that's making a SQL injection tool that's able to recognize errors, so shoot him some questions about how he did it, and maybe that'll help ya.
You're going to create a program that scans a web page (not its source) for potential problems? I guess if there's a shout box it can possibly see if it can inject JS into it, or maybe in a signature. As for avatars, I don't know what it would look for. The source would probably be more efficient and catch more exploits. But I'm new to this so I'm probably wrong.
You can put a non-image in it. By putting variables in the URL, like www.site.com/index?newpass=hacked&sig=hacked, then putting that as the avatar, whoever views it will unknowingly visit that URL, thus changing their password and sig.
There's only one way to do this: IO analysing. It's hard, it's complicated, and it's easy to make mistakes.
Basically you input something (call it var_a) and you look what the output is.
The output can be several things, including, but not limited to:
SQL errors (easy to scan for these, just scan for common words in (sql) errors)
XSS (guess it's easy to scan for basic XSS, but with more complicated XSS it is VERY hard to look for potential danger. There was a topic on ha.ckers about this, I'll search it for you)
Code Execution (like PHP; the easiest way is probably to input code like echo 5+5; and search for "10" on the page or something)
Harder things are vulns like SQL overflow (input id=superlargenumberhere and the server will execute it, so you could overflow it; I guess you could scan for server load times and search for peaks)
Regex has been named, it's important for analysing security issues.
Good luck.
EDIT: http://sla.ckers.org/forum/read.php?12,12074,12218#msg-12218
XSS scanner sourcecode. (and guess what, it's in python. :D)
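The output-analysis step described above, as an added example (not code from this thread or from the linked scanner): given the page returned for a probe value, the page returned for a harmless value, and optionally the marker a code probe should produce, it reports which of the three response patterns showed up. The error-string list and all sample pages are constructed for the demo.

```python
import html
import re

# Constructed list of fragments that commonly appear in database error pages.
SQL_ERROR_SIGNATURES = [
    r"you have an error in your sql syntax",
    r"warning: mysql_",
    r"unclosed quotation mark",
    r"ora-\d{5}",
    r"sqlstate\[",
]


def analyse_response(probe, body, baseline, eval_marker=None):
    """Compare the page returned for `probe` (sent as var_a) with `baseline`,
    the page returned for a harmless value, and list what stood out.
    Returns a sorted list of labels; an empty list means nothing was flagged."""
    findings = set()
    low_body, low_base = body.lower(), baseline.lower()

    # 1. Database error text that appears only in the probe's response.
    for sig in SQL_ERROR_SIGNATURES:
        if re.search(sig, low_body) and not re.search(sig, low_base):
            findings.add("sql-error")
            break

    # 2. A probe containing markup that comes back byte-for-byte is the basic
    #    reflected-XSS indicator. An HTML-escaped echo is the safe case and is
    #    not flagged; a probe with no special characters proves nothing.
    if probe in body and probe != html.escape(probe):
        findings.add("reflected-unescaped")

    # 3. For a code probe, the marker must be present only in the probe's
    #    response and must not simply be the probe text echoed back.
    if (eval_marker and eval_marker in body
            and eval_marker not in baseline and eval_marker not in probe):
        findings.add("possible-eval")

    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample: the site HTML-escapes what it echoes, so no finding.
    print(analyse_response("<i>pr0be</i>",
                           "<p>Hello &lt;i&gt;pr0be&lt;/i&gt;</p>",
                           "<p>Hello guest</p>"))
```

The baseline comparison is what keeps the "search for 10" idea from matching every page that happens to contain a 10.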
Yeah, it's in python. I made that web spider, based on the HTMLParser class, and now I'm looking for something to do with it. I'm using urllib. Not fond of messing with sockets unless it's required. You can check out the source in the code bank. Right now, it limits itself to a single domain, but that's easy to change.
Think that I might take the spider in another direction (it's kinda cool, but not very useful) and work on something that searches source code instead. I'm not fond of regex, nor am I familiar with the re module.
Thanks for the link spyware. Thanks everyone.
Yeah, I suck with regex too, which is why I went with the HTMLParser. It seems like if I had gone the re way, and searched for, identified and acted upon tags in a file(ish) object, I would eventually be making my own version of the HTML parser. Also, scanning pages for links isn't quite that simple; for example, some Python code: if x<a: print 'smaller than a' if x>q: continue
would confuse simple re searches, wouldn't it?