
WebCruiser Web Vulnerability Scanner User Guide

Content

1 Software Introduction
2 Key Features
2.1 POST Data Resend
2.2 Vulnerability Scanner
2.3 SQL Injection
2.3.1 POST SQL Injection
2.3.2 Cookie SQL Injection Demo
2.3.3 Cross Site SQL Injection
2.4 Cross Site Scripting
2.5 XPath Injection
2.6 Multi-functional Web Browser
2.6.1 POST Web Browser
2.6.2 Cookie Web Browser
2.7 Fill in Forms
2.8 Report
2.9 Escape Special Character Filter
3 Order/Registration
4 FAQ

V2.5 by Janus Security

http://www.janusec.com/ http://sec4app.com


1 Software Introduction

WebCruiser - Web Vulnerability Scanner

WebCruiser - Web Vulnerability Scanner is a powerful web security penetration testing tool that will aid you in auditing your site! It has a Vulnerability Scanner and a series of security tools.

It supports scanning a website as well as POC (Proof of Concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So WebCruiser is also an automatic SQL injection tool, an XPath injection tool, and a Cross Site Scripting tool!

Key Features:

* Crawler (Site Directories And Files);

* Vulnerability Scanner: SQL Injection, Cross Site Scripting, XPath Injection etc.;

* SQL Injection Scanner;

* SQL Injection Tool: GET/Post/Cookie Injection POC (Proof of Concept);

* SQL Injection for SQL Server: PlainText/Union/Blind Injection;

* SQL Injection for MySQL: PlainText/Union/Blind Injection;

* SQL Injection for Oracle: PlainText/Union/Blind/CrossSite Injection;

* SQL Injection for DB2: Union/Blind Injection;

* SQL Injection for Access: Union/Blind Injection;

* Post Data Resend;


* Cross Site Scripting Scanner and POC;

* XPath Injection Scanner and POC;

* Auto Get Cookie From Web Browser For Authentication;

* Report Output

System Requirement: .Net Framework 2.0 or higher

Software Disclaimer:

* Authorization must be obtained from the web application owner;

* This program will try to get each link and post any data when scanning;

* Back up the database before scanning so as to avoid disaster;

* Use this software at your own risk.

E-mail: janusecurity@gmail.com

http://sec4app.com

http://www.janusec.com

2 Key Features

2.1 POST Data Resend

When you POST any data, WebCruiser captures the POST data automatically. First, let's log in to a demo application:


Switch to the "Resend" tab page; the POST data has been captured here:

Now you can modify the POST data and resend it.

Let's try to use it for SQL Injection:

First, modify the value of username to admin' and '1'='1


Second, modify the value of username to admin' and '1'='2

We got different responses. It means that this application has a SQL Injection vulnerability.
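The resend test above, seen from the application side, as an added example (not part of the original guide and not WebCruiser code): a login query built by string concatenation answers the two usernames differently, while a parameterized query treats both as plain data. The users table, the password s3cret and the function names are constructed for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed demo data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return db

def login_vulnerable(db, username, password):
    # Vulnerable: the posted values become part of the SQL text, so
    # "admin' and '1'='1" changes the WHERE clause instead of being a name.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Hardened: placeholders keep the posted values out of the SQL grammar.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def boolean_differential(login, db, password):
    # Same two usernames as in the guide; a differing answer is the
    # symptom the resend test looks for.
    true_case = login(db, "admin' and '1'='1", password)
    false_case = login(db, "admin' and '1'='2", password)
    return true_case != false_case

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login differs:   ",
          boolean_differential(login_vulnerable, db, "s3cret"))
    print("parameterized login differs:",
          boolean_differential(login_parameterized, db, "s3cret"))
```

Run as a regression test after a fix, `boolean_differential` should return False for every login path.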


2.2 Vulnerability Scanner

Scan your web application for vulnerabilities.

1. Open the web application and click "Scan Site" for whole-site scanning or "Scan URL" for the current URL only.

Or, select the "Vulnerability Scanner" tool, and click "Scan Current Site":


3. Scan result (the upper pane is the site structure, and the table below it lists the vulnerabilities):

4. Right-click a vulnerability to launch the SQL Injection or Cross Site Scripting POC (Proof of Concept):


* SQL Server: PlainText/FieldEcho(Union)/Blind Injection;

* MySQL/DB2/Access: FieldEcho(Union)/Blind Injection;

* Oracle: FieldEcho(Union)/Blind/CrossSite Injection;

2.3.1 POST SQL Injection

Taking the scanner result above as an example, right-click a vulnerability and select "SQL Injection POC".

It will launch the SQL Injection POC tool and fill in the relevant information.

This is a POST SQL Injection demo.

Click “Get Environment Information”


3. If you need more information, switch to "DataBase":


2.3.2 Cookie SQL Injection Demo

* This is similar to POST. Now that you know this application has a user with username=admin, input username=admin and press the "Enter" key to navigate to it:


View Cookie:

Try to get environment information:


Input the following in the Data box:

username=111' union all select 1,current server,chr(97) from sysibm.sysdummy1

Note: 111 is a username that does not exist.

Press "Enter":


2.3.3 Cross Site SQL Injection

WebCruiser supports Cross Site SQL Injection for Oracle.

2.4 Cross Site Scripting

There are two types of XSS:

* Cross Site Scripting(URL);

* Cross Site Scripting(Form);

Scanning is not necessary for XSS; you can use this function directly.

Take launching XSS from the scanner for example:

1. Right-click a vulnerability in the Scanner and select “Cross Site Scripting(Form) POC” or “Cross Site Scripting(URL) POC”:


2. Replace the XSS code and click "Manual XSS Test".

3. Usually your input will appear in the Response Code or in the refer page:


2.5 XPath Injection

Similar to SQL Injection, XPath Injection attacks occur when a web site uses user-supplied information to construct an XPath query for XML data. By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured, or access data that he may not normally have access to. He may even be able to elevate his privileges on the web site if the XML data is being used for authentication (such as an XML based user file).

Querying XML is done with XPath, a type of simple descriptive statement that allows the XML query to locate a piece of information. Like SQL, you can specify certain attributes to find, and patterns to match. When using XML for a web site it is common to accept some form of input on the query string to identify the content to locate and display on the page. This input must be sanitized to verify that it doesn't mess up the XPath query and return the wrong data.

XPath is a standard language; its notation/syntax is always implementation independent, which means the attack may be automated. There are no different dialects as it takes place in requests to the SQL databases.

Because there is no level access control it's possible to get the entire document. We won't encounter any limitations as we may know from SQL injection attacks.

Example:

For more information about XPath Injection, please refer to:

http://sec4app.com/download/XPathInjection.pdf

2.6 Multi-functional Web Browser

2.6.1 POST Web Browser

To specify the POST data for the web browser, just input the URL and POST data, and press the "Enter" key.


2.6.2 Cookie Web Browser

You can specify the cookie simply as follows:


You can modify the cookie yourself.

2.7 Fill in Forms

WebCruiser can fill in a form according to your input even if the field is read only. Switch the request type to "POST", input the expression in the data input box [1], and click the Fill button [2]; it will then fill the form [3].


Usually, it is not necessary to do so. It is useful for these scenarios:

A. Input box is read only;

B. Copy and paste is disabled;

C. Hidden or invisible input box;

And so on.

2.8 Report

You can get the scan report by the report tool:


Here is an excerpt showing the report style:


2.9 Escape Special Character Filter

When performing SQL Injection, you will find that some web applications escape single quotes. For example, the Oracle SQL is:

Select COLUMN_NAME FROM user_tab_columns WHERE table_name='admin'

Because there are single quotes in the SQL, common injection will not work.

The Escape Filter can help you test the application: WebCruiser has a string tool which can encode the string.

SQL Server:

MySQL:

The above SQL can be replaced by:

Select COLUMN_NAME FROM user_tab_columns WHERE table_name= chr(97)|| chr(100)||chr(109)||chr(105)||chr(110)
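An added example, not part of the original guide or of WebCruiser: a log-normalisation helper that decodes chr()-style concatenations such as the one above back into quoted literals, so request-log review and filter rules can match on the decoded text. It goes beyond the Oracle form shown here by also decoding char(..)+char(..) (SQL Server) and char(a,b,..) (MySQL); the function names are hypothetical.

```python
import re

# One encoded call: chr(97), char(97) or char(97,100,109)
_CALL = r"\bcha?r\s*\(\s*\d+(?:\s*,\s*\d+)*\s*\)"
# A chain of calls joined by || (Oracle, as in this guide) or + (SQL Server)
_CHAIN = re.compile(rf"{_CALL}(?:\s*(?:\|\||\+)\s*{_CALL})*", re.IGNORECASE)

def _decode_chain(match):
    # Every number inside the chain is one character code.
    codes = [int(n) for n in re.findall(r"\d+", match.group(0))]
    if any(code > 0x10FFFF for code in codes):
        return match.group(0)  # not a valid code point: leave untouched
    text = "".join(chr(code) for code in codes)
    # Re-quote as a SQL string literal, doubling embedded single quotes.
    return "'" + text.replace("'", "''") + "'"

def normalize_sql(fragment):
    """Replace chr()/char() chains with the string literal they build."""
    return _CHAIN.sub(_decode_chain, fragment)

def has_encoded_literal(fragment):
    """True when a literal is hidden behind chr()/char() in the fragment."""
    return _CHAIN.search(fragment) is not None

if __name__ == "__main__":
    # Sample input: the encoded query from this section of the guide.
    logged = ("Select COLUMN_NAME FROM user_tab_columns WHERE table_name= "
              "chr(97)|| chr(100)||chr(109)||chr(105)||chr(110)")
    print(has_encoded_literal(logged))
    print(normalize_sql(logged))
```

A quote-free value in a request parameter is itself a useful signal: `has_encoded_literal` can flag the request for review even when no rule matches the decoded text.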


3 Order/Registration

WebCruiser - Web Vulnerability Scanner Order page:

http://sec4app.com/order.htm (Pay by RegNow)

http://www.janusec.com/ (Pay by PayPal)

If you like it, you can order it from RegNow or PayPal:

Personal Edition (Non-Commercial License):

https://www.regnow.com/softsell/nph-softsell.cgi?item=25854-1

Enterprise Edition (Commercial License):

https://www.regnow.com/softsell/nph-softsell.cgi?item=25854-2

RegNow will send you the Registration Code.

Alternative Payment by PayPal: http://www.janusec.com/

Thank you for choosing WebCruiser.

4 FAQ

Q: Why can't I run WebCruiser on my computer?

A: It needs Windows with .Net Framework 2.0 or above. If you have not installed .Net Framework, please download it from the Microsoft web site. Usually, Windows XP and earlier do not have .Net Framework installed, but Windows Vista and Windows 7 have .Net Framework integrated already. The URL for .Net Framework 2.0 is:

http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en

Q: What is the difference between the Professional and Enterprise Edition?

A: They differ in license type.

* Personal Edition is for security professionals, masters of individual websites etc., non-commercial purpose, 12-month update and support service;

* Enterprise Edition is for enterprises, institutions, or commercial organizations, month update and support service with top priority.


Access Injection Yes Yes

Support Web Site:

http://sec4app.com/

http://www.janusec.com/

E-mail: janusecurity@gmail.com

Posted: 22/05/2015, 23:36
