Hi Andrés I've already compiled a short list of variants of the host header attack. Some of them are simple to build, some of them are more tricky. Same is for the checks to be implemented to identify the vulnerability.
The most tricky part will be that you often need 2 or 3 requests and then compare the responses. In some cases there're at least 2 different URLs involved. Do you have a framework to construct such sequences in w3af? Anyway, can share my list if you like. Am 10.05.2013 15:23, schrieb Andres Riancho: > Great :) So lets start right away. Please read the article, and try to > identify the different vulnerabilities which are present there. Once > you've got that, think about which ones could be automated with w3af > and send an email to this thread. > > At this point w3af's features and code doesn't matter, you just want > to identify the vulnerabilities, and the steps required to identify > them in an automated way. Then, we'll try to match that with the w3af > framework and we'll worry about coding. With a clear idea of the steps > involved, it should be easy to get the code in a couple of hours. > > No rush to answer any of these emails, take your time. I understand > you're doing this on your spare time. I'll try to mentor you the best > way possible, it's my first time doing something like this (at least > calling it mentor) so let me know if there's something wrong. > > On Fri, May 10, 2013 at 10:14 AM, D M <vints...@gmail.com> wrote: >> Well I'd love to take this on with some help from you, Andres! >> >> Many thanks >> >> -Daniel >> — >> Sent from Mailbox for iPhone >> >> >> On Fri, May 10, 2013 at 9:11 AM, Andres Riancho <andres.rian...@gmail.com> >> wrote: >>> >>> Lists, >>> >>> After reading "Practical HTTP Host header attacks" [0] I thought >>> it would be fun to have a plugin that could detect (some) of the >>> attacks explained there. >>> >>> Since I'm focusing on other things over the next weeks, but still >>> can spend some hours on w3af, I thought that I could mentor someone to >>> write this plugin. So, if you never wrote a plugin, never read w3af's >>> source code, etc. and have time to spend doing geeky stuff, answer >>> this email and I'll mentor you during the whole process of writing the >>> plugin :) >>> >>> [0] >>> http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html >>> [1] https://github.com/andresriancho/w3af/issues/314 >>> >>> Regards, >>> -- >>> Andrés Riancho >>> Project Leader at w3af - http://w3af.org/ >>> Web Application Attack and Audit Framework >>> Twitter: @w3af >>> GPG: 0x93C344F3 ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
