Active Scan Augmenting Manual Testing with Attack Proxy Plugins

Explore advanced web application security techniques in this 39-minute conference talk from AppSecEU 2014. Dive into ActiveScan++, an open-source Python plugin for Burp Suite that enhances active scanning capabilities. Learn how to identify complex vulnerabilities in real-world applications, including host header poisoning, relative path overwrites, and code injection. Discover the mechanics behind these attacks, automated detection methods, and exploitation techniques. Gain insights into current research on detecting suspicious behavior using platform-independent payload sets and fuzzy pattern matching. Witness the first public release of this open-source tool and understand its potential to revolutionize automated vulnerability hunting in web security testing.

Intro
About me
Outline
Issues with typical scanners
Writing the code
Why the code
Crosssite scripting
Password reset
Cache poisoning
Cache poisoning attack
Host header poisoning
Testing for cache poisoning
DNS Rebinding
DNS Pinning
Burp
Relative links
Directory traversal vulnerability
Use a payload
Problems
Breaking
HTTP responses
Regular expressions
Conclusion