W3AF Console 2007

—Overview
W3af is short for web audit framework. W3af is basically a Python program for auditing the security of a website. W3af has many plugins, divided by attack type, for example: audit, exploit, discovery (finding holes), bruteforce, mangle, and identifying the email address of the site owner. I took this article from a blog posted in 2007.
—Getting started
In this test I use BackTrack 5, where w3af is installed by default. The menu can be seen in the banner above.
If you use Ubuntu, you can simply type sudo apt-get install w3af
OK, I assume everyone has reached the initial screen. Here I type help.

Code:
w3af>>> help
The following commands are available:
help            You are here. help [command] prints more specific help.
url-settings    Configure the URL opener.
misc-settings   Configure w3af misc settings.
session         Load and save sessions.
plugins         Enable, disable and configure plugins.
start           Start site analysis.
exploit         Exploit a vulnerability.
tools           Enter the tools section.
target          Set the target URL.
exit            Exit w3af.
w3af>>>

Code:
w3af>>> target
w3af/config:target>>> help
|--------------------------------------------------------------------------------------------------|
| view       | List the available options and their values.                                        |
| set        | Set a parameter value.                                                              |
|--------------------------------------------------------------------------------------------------|
| back       | Go to the previous menu.                                                            |
| exit       | Exit w3af.                                                                          |
| assert     | Check assertion.                                                                    |
|--------------------------------------------------------------------------------------------------|
w3af/config:target>>> set target http://www.fpi.or.id/
w3af/config:target>>> view

—Plugin configuration.

Code:
w3af/config:target>>> back
w3af>>> plugins
w3af/plugins>>> help
|--------------------------------------------------------------------------------------|
| list       | List available plugins.                                                 |
|--------------------------------------------------------------------------------------|
| back       | Go to the previous menu.                                                |
| exit       | Exit w3af.                                                              |
| assert     | Check assertion.                                                        |
|--------------------------------------------------------------------------------------|
| discovery  | View, configure and enable discovery plugins                            |
| output     | View, configure and enable output plugins                               |
| mangle     | View, configure and enable mangle plugins                               |
| evasion    | View, configure and enable evasion plugins                              |
| bruteforce | View, configure and enable bruteforce plugins                           |
| audit      | View, configure and enable audit plugins                                |
| grep       | View, configure and enable grep plugins                                 |
|--------------------------------------------------------------------------------------|
Here I use the audit plugins xss, xsrf and sqli.

Code:
w3af>>> plugins
w3af/plugins>>> help
|--------------------------------------------------------------------------------------------------|
| list       | List available plugins.                                                             |
|--------------------------------------------------------------------------------------------------|
| back       | Go to the previous menu.                                                            |
| exit       | Exit w3af.                                                                          |
| assert     | Check assertion.                                                                    |
|--------------------------------------------------------------------------------------------------|
| discovery  | View, configure and enable discovery plugins                                        |
| output     | View, configure and enable output plugins                                           |
| mangle     | View, configure and enable mangle plugins                                           |
| evasion    | View, configure and enable evasion plugins                                          |
| bruteforce | View, configure and enable bruteforce plugins                                       |
| audit      | View, configure and enable audit plugins                                            |
| grep       | View, configure and enable grep plugins                                             |
|--------------------------------------------------------------------------------------------------|
w3af/plugins>>> audit xss,xsrf,sqli
w3af/plugins>>> output console,htmlFile
w3af/plugins>>> output config htmlFile
Note that the audit plugins can be enabled either by name or all at once, for example:
w3af/plugins>>> audit xss,xsrf,sqli
or w3af/plugins>>> audit all
For example:
w3af/plugins>>> audit xss
w3af/plugins>>> audit
Enabled audit plugins:
xss
w3af/plugins>>> discovery webSpider,pykto,hmap
w3af/plugins>>> discovery
Enabled discovery plugins:
webSpider
pykto

Code:
w3af/plugins/output/config:htmlFile>>> view
|--------------------------------------------------------------------------------------------------|
| Setting    | Value       | Description                                                           |
|--------------------------------------------------------------------------------------------------|
| verbose    | False       | True if debug information will be appended to the report.             |
| fileName   | report.html | File name where this plugin will write to                             |
|--------------------------------------------------------------------------------------------------|
w3af/plugins/output/config:htmlFile>>> back
w3af/plugins>>> back
w3af>>> start

Code:
w3af>>> start
Auto-enabling plugin: grep.collectCookies
Auto-enabling plugin: grep.error500
Found 2 URLs and 2 different points of injection.
The list of URLs is:
- http://www.fpi.or.id/
- http://www.fpi.or.id/index.php?p=search
The list of fuzzable requests is:
- http://www.fpi.or.id/ | Method: GET
- http://www.fpi.or.id/index.php?p=search | Method: POST | Parameters: (search="")
Cross Site Scripting was found at: "http://www.fpi.or.id/index.php?p=search", using HTTP method POST. The sent post-data was: "search=<ScRIpT>alert(String.fromCharCode(vWv0))</SCriPT>&searchbtn=Cari". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 18.
The web application sent a persistent cookie.
- PHPSESSID=01fb079704b7a5839a303fd843e68107; Path=/
- PHPSESSID=01fb079704b7a5839a303fd843e68107; path=/
Finished scanning process.
w3af>>>
In this article I emphatically only scanned for vulnerabilities and looked at the potential for defacement, without doing any further damage.
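To make clear what the two findings above mean for whoever runs the site, here is an added example (not code from the original post and not w3af's own code). It models a hypothetical search page that echoes the "search" POST parameter into its HTML, shows why the probe w3af sent in request 18 gets reflected, and shows the hardened version where the term is HTML-escaped before output. A small helper also reports whether a Set-Cookie value like the PHPSESSID line carries the HttpOnly and Secure attributes, which is the first thing to check on a session cookie a scanner flags. The POST body and cookie string are copied from the scan output above; the page HTML and function names are assumptions.

```python
import html
from urllib.parse import parse_qs

# Constructed from the scan output above: the POST body w3af sent to the search
# form in request id 18, and the Set-Cookie value the application returned.
SCAN_POST_BODY = 'search=<ScRIpT>alert(String.fromCharCode(vWv0))</SCriPT>&searchbtn=Cari'
SCAN_PROBE = '<ScRIpT>alert(String.fromCharCode(vWv0))</SCriPT>'
SCAN_SET_COOKIE = 'PHPSESSID=01fb079704b7a5839a303fd843e68107; Path=/'


def search_term(post_body: str) -> str:
    """Extract the 'search' field from an application/x-www-form-urlencoded body."""
    return parse_qs(post_body, keep_blank_values=True).get("search", [""])[0]


def render_results_vulnerable(post_body: str) -> str:
    """Hypothetical results page that places the raw search term into HTML.

    Whatever the user (or the scanner) typed lands in the page unchanged, so a
    <script> tag in the term becomes a script tag in the response.
    """
    return f"<h2>Hasil pencarian untuk: {search_term(post_body)}</h2>"


def render_results_hardened(post_body: str) -> str:
    """Same page, but the term is HTML-escaped before being placed in the body.

    html.escape turns < > & " ' into entities, so the browser renders the probe
    as text instead of executing it.
    """
    return f"<h2>Hasil pencarian untuk: {html.escape(search_term(post_body), quote=True)}</h2>"


def probe_reflected(page: str, probe: str) -> bool:
    """Simplified version of the reflection test an XSS audit plugin performs:
    does the exact probe string come back in the response body?"""
    return probe in page


def cookie_flags(set_cookie: str) -> dict:
    """Report which protective attributes a Set-Cookie header value carries."""
    attrs = [part.strip().lower() for part in set_cookie.split(";")[1:]]
    return {
        "httponly": "httponly" in attrs,   # keeps the cookie out of document.cookie
        "secure": "secure" in attrs,       # only sent over HTTPS
    }


if __name__ == "__main__":
    print("vulnerable page reflects probe:", probe_reflected(render_results_vulnerable(SCAN_POST_BODY), SCAN_PROBE))
    print("hardened page reflects probe:  ", probe_reflected(render_results_hardened(SCAN_POST_BODY), SCAN_PROBE))
    print("hardened output:", render_results_hardened(SCAN_POST_BODY))
    print("session cookie flags:", cookie_flags(SCAN_SET_COOKIE))
```

Run it as a script: the vulnerable renderer reflects the probe intact, the hardened one returns it as `&lt;ScRIpT&gt;...` text, and the PHPSESSID cookie from the scan reports neither HttpOnly nor Secure. Output encoding at the point where untrusted input is written into HTML is the fix for the reflected XSS w3af reported; the cookie attributes are a separate hardening step on the same application.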
—Done