Jaeles - The Swiss Army knife for automated Web Application Testing

Transcript

1. Build your own automated Web Application Scanner with Jaeles Framework

   Ai Ho - @j3ssiejjj

2. • Amateur hacker and developer combined. • Open-source lover. •

   Author of kind of famous projects: Osmedeus, Jaeles and Metabigor. • Acknowledge by / Security hall of fame: Microsoft, StackOverflow, DoD, Django, IBM, Sony, Dell, Adobe, Mastercard, Ford and so on. whoami @j3ssiejjj https://github.com/j3ssie

3. • Why? • Architecture • Showcases Outline https://github.com/jaeles-project/jaeles

4. Why building Jaeles? To build • A scanner that can

   take advantage of your experience. • Something that can check one or many things on many hosts. • Something that can easily be extensible. • A scanner that you can totally control it. • Something that is flexible allowed you to easily integrate with other tools.

5. What Jaeles can do? • Checking for known vulnerabilities. •

   Fuzzer. • Directory brute force / Content discovery. • Technology fingerprint. • Probing HTTP. • Monitor. • And More! Depend on your creativity.

6. Architecture

7. Architecture Requests or URLs can be provided in many way

8. Architecture Signature file is written in YAML format

9. There are 3 kinds of Signatures: single, list, fuzz. Signature

   In-depth

10. Used to define type of signature index signature in a

    DB. Signature In-depth 》Info

11. Info Reference Info

12. Original Request to compare in detection Signature In-depth 》Origin Request

13. Origin Request Replaced by variable

14. Signature In-depth 》Variables & Payloads Resource for building lists of

    requests by single file. Format follow by default golang template engine. Payloads only available in fuzz signature

15. Signature In-depth 》Variables & Payloads Default variables parsed from URL

    input

16. Variables Replaced by variable

17. Signature In-depth 》Variables & Payloads Some Variables API to generate

    many request by using one signature

18. Variables API Replaced by variable

19. Signature In-depth 》Payloads Resource for building lists of requests by

    single file. Format follow by default golang template engine.

20. Generator Payload

21. Signature In-depth 》Request Builder Building list of request from input

    and detect if it’s vulnerable or not

22. Signature In-depth 》Request Builder 》Request Component Detail info about request

    like method, URL, headers, etc.

23. Request Component

24. Request Component

25. Signature In-depth 》Request Builder 》Detections Do some logical on based

    on detections script to determine request is vulnerable or not.

26. Detections was written in Javascript so you can write whatever

    you want with some predefined function below as long as you return boolean value to determine it’s found something or not. Signature In-depth 》Request Builder 》Detections
27. None

28. Multiples Detection

29. Demo https://www.youtube.com/playlist?list=PLqpLl_iGMLnCBBC-TQZVxQAoFXWjTlGoV https://jaeles-project.github.io/showcases/

30. Signature In-depth 》Request Builder 》Generators & Encoding Only available in

    fuzz signature. Provide some functions to generate request based on the template request with payloads.

31. Signature In-depth 》Request Builder 》Generators & Encoding Path("{{.payload}}", "*") Replace

    each path of request by the payload. Header("{{.payload}}", "X-Filename") Adding new X-Filename header to request or replace an old one. Query("{{.original}}{{.payload}}"); Method("PUT") Append each query value with payload and change method to PUT.

32. Generators Use Payloads with variables

33. Signature In-depth 》Request Builder 》Middleware Middleware Doing some extra task

    before sending a request to target.

34. Passive Detection Like Detection part but check for every request

35. Passive Detection Or can only triggered for specific request if

    it satisfied the detection

36. Burp Intergration

37. Burp Intergration

38. Burp Intergration

39. Web UI Web UI powered by React

40. Web UI

41. None
42. None

43. Planned Features • Adding more signatures. • Adding more input

    sources. • Adding proxy plugins to directly receive input from browser of http client. • Adding passive signature for passive checking each request. • Adding more APIs to get access to more properties of the request. • Integrate with many other tools.

44. Takeaways Official Documentation: https://jaeles-project.github.io/ If you didn't find anything blame

    your signature, not my tool :P @j3ssiejjj

45. Thank you for your attention! @j3ssiejjj Supporting me at https://jaeles-project.github.io/donation/