This presentation will introduce ActiveScan++ and demonstrate how it can be used to easily identify complex vulnerabilities in real world applications. ActiveScan++ is an open source Python plugin that builds upon Burp Suite's basic active scanning functionality. This talk will cover the classic and exotic vulnerabilities it can detect, as well as the pros and pitfalls that can be found with the proxy-plugin approach to automated vulnerability hunting.
ActiveScan++ uses heuristic probes to efficiently assess the susceptibility of the target to a range of cutting edge attack techniques, such as host header poisoning and relative path overwrites. In addition, ActiveScan++ provides robust identification of blind attack issues, helping to locate rare but critical vulnerabilities such as code injection that pentesters can't afford to miss. Demonstrations of the underlying mechanics of these attacks, how they can be automatically detected, and how we can actively exploit them once they have been identified will be performed throughout the presentation.
The presentation will finish with a discussion of current research into automated detection of 'suspicious' behaviour, in a manner similar to the initial stages of manual testing. These new techniques allow generic detection of entire vulnerability classes by combining platform-independent payload sets with fuzzy pattern matching.
This presentation will host the first public release of this open source tool.
James Kettle Context Information Security James Kettle has extensive experience vulnerability bounty hunting across Mozilla's and Google's heavily secured infrastructure, resulting in being ranked 6th in Google's 0x0A list for 2012/13. As part of this he has performed security research culminating in novel attack techniques such as password reset and cache poisoning, affecting numerous popular web frameworks including Django, Drupal, Symfony and Joomla.