Web Application Attack and Audit Framework: by Prachu Sharma

W3af is a web application attack and auditing framework similar to Metasploit. It combines mapping, discovery, and exploitation into three plugin types to audit websites for SQL injections, XSS vulnerabilities, file inclusions, and more. The discovery plugin finds URLs and injection points, the audit plugin tests those points with crafted data, and the exploit plugin then exploits any found vulnerabilities to return items like SQL dumps or a remote shell.

Uploaded by

iipradyumna

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

18 views

Web Application Attack and Audit Framework: by Prachu Sharma

Uploaded by

iipradyumna

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

You are on page 1/ 11

Web Application Attack and Audit Framework

By Prachu Sharma

W3af is a well known web attack and auditing framework. Very similar to Metasploit framework W3af combines all necessary actions for a complete web attack. Mapping Discovery Exploitation
This puts the framework into three major plug-ins.

Web Service Support Exploits

SQL injections(blind) OS commanding remote file inclusions local file inclusions XSS and more

A good harmony among plug-ins.

Discovery Plugin
URLS Injection Points

Audit Plugin
Uses the above injection points Sends crafted data to find vulnerabilities

Exploit Plugin
Exploits vulnerabilities found Provides SQL dumps / remote shell is returned

Find all the URLs Create Fuzzable request Plugins: WebSpider URL fuzzer Pykto GoogleFuzzer

They use the discovery plug-in outputs and find their respective vulnerabilities SQL Injection (blind)
XSS

Buffer Overflow
Response Splitting

Grep every HTTP request and response findComments passwordProfiling privateIP DirectoryIndexing Getmails lang

BruteForce
Bruteforce logins

Evasion
Modify the request to evade IDS detection

Mangle
Modify requests/responses based on regular expressions.

Output
Write logs .

Any
Question

THANKS TO

ALL

F5 Web Application Security: Radovan Gibala
100% (1)
F5 Web Application Security: Radovan Gibala
73 pages
Waf - Study
No ratings yet
Waf - Study
12 pages
Web Application Attack and Audit Framework
No ratings yet
Web Application Attack and Audit Framework
13 pages
W3af - A Framework To Own The Web
No ratings yet
W3af - A Framework To Own The Web
28 pages
Lab Assignment - 5 Informational Security Analysis and Audit
No ratings yet
Lab Assignment - 5 Informational Security Analysis and Audit
10 pages
W3af - Web Application Attack and Audit Framework Documentation
No ratings yet
W3af - Web Application Attack and Audit Framework Documentation
69 pages
W3af User Guide: Document Version: 1.9 Original Author: Andres Riancho
No ratings yet
W3af User Guide: Document Version: 1.9 Original Author: Andres Riancho
40 pages
Comparative Study of Web Application Penetration Testing Tools
No ratings yet
Comparative Study of Web Application Penetration Testing Tools
5 pages
W3af User Guide: Document Version: 2.1 Original Author: Andres Riancho
No ratings yet
W3af User Guide: Document Version: 2.1 Original Author: Andres Riancho
37 pages
W3af User Guide: Document Version: 2.1 Original Author: Andres Riancho
No ratings yet
W3af User Guide: Document Version: 2.1 Original Author: Andres Riancho
37 pages
W3af User Guide: Document Version: 2.1 Original Author: Andres Riancho
No ratings yet
W3af User Guide: Document Version: 2.1 Original Author: Andres Riancho
37 pages
Cyber Web App Security Roadmap v0 9
No ratings yet
Cyber Web App Security Roadmap v0 9
29 pages
03 - Web Application Penetration Testing (1)
No ratings yet
03 - Web Application Penetration Testing (1)
25 pages
[CyberSec'24] Lab01 - Student Version
No ratings yet
[CyberSec'24] Lab01 - Student Version
47 pages
Slide f5 PDF
No ratings yet
Slide f5 PDF
65 pages
Vulnerabilities in Modern Web Applications
100% (1)
Vulnerabilities in Modern Web Applications
34 pages
Webinar 1531 Slides
No ratings yet
Webinar 1531 Slides
16 pages
Web Application Vulnerabilities Compiled
No ratings yet
Web Application Vulnerabilities Compiled
21 pages
Web Application Security and Standards
No ratings yet
Web Application Security and Standards
12 pages
Web Security (CAT-309) - Unit 1 Lecture 2
No ratings yet
Web Security (CAT-309) - Unit 1 Lecture 2
11 pages
C4778029320
No ratings yet
C4778029320
7 pages
Web Hacking: CEH Test Prep Video Series
No ratings yet
Web Hacking: CEH Test Prep Video Series
9 pages
A Survey On Web Application Security: Xiaowei Li and Yuan Xue
No ratings yet
A Survey On Web Application Security: Xiaowei Li and Yuan Xue
14 pages
12 Ceh Hacking Web Applications
0% (1)
12 Ceh Hacking Web Applications
111 pages
WebApplication Unit 3
No ratings yet
WebApplication Unit 3
37 pages
Anatomy of A SOA, XML and Web Services Attack
No ratings yet
Anatomy of A SOA, XML and Web Services Attack
18 pages
Computer Security Chapter 6
No ratings yet
Computer Security Chapter 6
14 pages
Lec3 (2)
No ratings yet
Lec3 (2)
24 pages
BH Usa 07 Gutesman - Futoransky - and - Waissbein WP
No ratings yet
BH Usa 07 Gutesman - Futoransky - and - Waissbein WP
16 pages
Web Security
No ratings yet
Web Security
12 pages
Web Security For Developers
No ratings yet
Web Security For Developers
8 pages
2 Introduction To Web Applications
No ratings yet
2 Introduction To Web Applications
57 pages
Ebook Security For Web Developers
No ratings yet
Ebook Security For Web Developers
114 pages
Analyzing Web Traffic
No ratings yet
Analyzing Web Traffic
16 pages
Web Application Security
No ratings yet
Web Application Security
1 page
Web Vulnerability Measures For Smes
No ratings yet
Web Vulnerability Measures For Smes
10 pages
F5
100% (2)
F5
38 pages
Topic 6 - Web Applications Security
No ratings yet
Topic 6 - Web Applications Security
36 pages
Application
No ratings yet
Application
22 pages
Chapter 05 - Application Attacks - Handout
No ratings yet
Chapter 05 - Application Attacks - Handout
59 pages
updatedunit2 (1)
No ratings yet
updatedunit2 (1)
71 pages
Web Server and Its Types of Attacks
No ratings yet
Web Server and Its Types of Attacks
6 pages
WEB EXPLOITATION
No ratings yet
WEB EXPLOITATION
18 pages
Unit III
No ratings yet
Unit III
84 pages
Testing Web Application Scanner Tools: Elizabeth Fong and Romain Gaucher Nist
No ratings yet
Testing Web Application Scanner Tools: Elizabeth Fong and Romain Gaucher Nist
41 pages
Survey of Python-Based Web Application Frameworks - Jake Howard
No ratings yet
Survey of Python-Based Web Application Frameworks - Jake Howard
9 pages
Application Security
No ratings yet
Application Security
29 pages
H D Moore Director of Security Research
No ratings yet
H D Moore Director of Security Research
26 pages
4.1 Web Application Vulnerabilities - OWASP - ZSS
No ratings yet
4.1 Web Application Vulnerabilities - OWASP - ZSS
20 pages
Unit 2
No ratings yet
Unit 2
67 pages
Web Application Security
No ratings yet
Web Application Security
55 pages
Attacking Ajax Applications Web20 Expo
No ratings yet
Attacking Ajax Applications Web20 Expo
65 pages
Sql Injection Best Method for Begineers
From Everand
Sql Injection Best Method for Begineers
Kishor Sarkar X
No ratings yet
WAF (Web Application Firewall)
100% (1)
WAF (Web Application Firewall)
5 pages
Module 05 Application and web security - HJ
No ratings yet
Module 05 Application and web security - HJ
25 pages
Web Pentest
No ratings yet
Web Pentest
9 pages
1.1 The Evolution of Web Applications
No ratings yet
1.1 The Evolution of Web Applications
9 pages
Security
No ratings yet
Security
13 pages
Web Application Attack - Eryk Budi Pratama
No ratings yet
Web Application Attack - Eryk Budi Pratama
24 pages
Django Unleashed: Building Web Applications with Python's Framework
From Everand
Django Unleashed: Building Web Applications with Python's Framework
Kameron Hussain
No ratings yet

Web Application Attack and Audit Framework: by Prachu Sharma

Uploaded by

Web Application Attack and Audit Framework: by Prachu Sharma

Uploaded by

Web Application Attack and Audit Framework

Web Service Support Exploits

A good harmony among plug-ins.

You might also like