Lab Assignment - 5 Informational Security Analysis and Audit
REG NO : 18BCE0379
TEAM : 4
Phases :
w3af follows the steps you would perform in a web
application penetration test, see “Web Application Scanning” above. To
do so it defines different types of plugins, which are called by the
core in a specific order.
Starting with a target URL provided by the user, w3af will
first try to identify all URLs, forms and query string parameters in the
application by means of crawl plugins. A very good example of this
type of plugin is web_spider, which will extract URLs from a page,
follow those links and once again extract URLs from them. Following that
process it will create a complete application link and form map.
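The crawl step described above, as an added example (not w3af's code and not part of the original assignment): a small Python crawler that builds the link, query string parameter and form map. The `SITE` pages, the `lab.example` host and the function names are constructed for illustration so the crawl runs offline.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

# Constructed in-memory site (assumption) so the crawl runs offline.
SITE = {
    "http://lab.example/": '<a href="/news?id=1">News</a> <a href="/login">Login</a>',
    "http://lab.example/news": '<a href="/news?id=2&lang=en">Next</a>'
                               '<a href="http://other.example/">Partner</a>',
    "http://lab.example/login": '<form action="/auth" method="post">'
                                '<input name="user"><input name="pass"></form>',
}

class PageParser(HTMLParser):
    """Collects link targets and forms (action, method, field names)."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.forms.append({"action": a.get("action", ""), "fields": [],
                               "method": a.get("method", "get").upper()})
        elif tag in ("input", "textarea", "select") and a.get("name") and self.forms:
            self.forms[-1]["fields"].append(a["name"])

def crawl(start):
    """Breadth-first crawl; returns (visited URLs, query params per path, forms)."""
    host = urlsplit(start).netloc
    queue, seen = deque([start]), {start}
    params, forms = {}, []
    while queue:
        url = queue.popleft()
        parts = urlsplit(url)
        page = parts._replace(query="", fragment="").geturl()
        for name, _ in parse_qsl(parts.query):  # record each query string parameter
            params.setdefault(parts.path, set()).add(name)
        parser = PageParser()
        parser.feed(SITE.get(page, ""))
        for form in parser.forms:  # resolve relative form actions
            forms.append({**form, "action": urljoin(url, form["action"])})
        for href in parser.links:
            nxt = urljoin(url, href)
            if urlsplit(nxt).netloc == host and nxt not in seen:  # stay in scope
                seen.add(nxt)
                queue.append(nxt)
    return seen, params, forms
```

The returned parameter and form lists are the inputs that the audit phase would later test, and the host check keeps the crawl from leaving the site being assessed.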
Once the application has been mapped, audit plugins will
send specially crafted strings to each parameter in order to trigger bugs in
the application’s code. When a bug is found it will be reported to the user.
The most used audit plugin is sqli, which will find error-based SQL
injections.
Identified vulnerabilities, debug messages and error messages are all
reported to the user through output plugins. These plugins will write the
messages in different formats to suit your needs. In most cases a text file
is what users need, but an XML file format is also available for
integration into other tools.
Scanning :
This section explains the steps to configure, start
and supervise a security scan of a web site.
Here we use the configuration for cross-site scripting and
SQL injection vulnerabilities.
https://vtop.vit.ac.in/vtop/initialProcess
Next, you need to configure w3af to use a set of crawl plugins in order to
identify the links and forms where the vulnerabilities might be located. In
order to keep this example simple, we’ll just enable the web_spider plugin.
To achieve this, click on “crawl” in the plugin tree, scroll down and enable
web_spider.
w3af can now identify all inputs, but it won’t identify cross-site
scripting and SQL injection vulnerabilities unless we instruct it to by
enabling the corresponding audit plugins. In this case the plugins are xss
and sqli. Also in the plugin tree, open the audit plugin branch and enable
these plugins.
Before starting the scan you can save the current settings to
a profile, which will help you repeat this scan in a later run or customize
it with advanced settings. In the profile list, right-click
on empty_profile, which should be in bold letters indicating that
changes have been made to it, and select “Save configuration to a new
profile”. Complete the required information and you should see a new
profile in the list.
Output :
Now we’re ready to start the scan! In the main menu find the play icon
and click it; this starts the scan with the current configuration.
After starting the scan, w3af will switch to the “Log” tab, where you’ll
be able to see what’s going on in the framework. At any point you can
switch to the “Results” tab and browse through the Knowledge Base tree.
When you click on a vulnerability you’ll be able to see the following
information:
Vulnerability description
HTTP request and response associated with the vulnerability
For the vtop website we found the above URLs for implanting vulnerabilities.
And there we can exploit SQL and cross-site scripting vulnerabilities.