Jaeles - The Swiss Army knife for automated Web Application Testing

j3ssie
December 06, 2019

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.
Official documentation: https://jaeles-project.github.io/
Official repository: https://github.com/jaeles-project/jaeles
Contact: @j3ssiejjj

Transcript

  1. Build your own automated Web Application Scanner
    with Jaeles Framework
    Ai Ho - @j3ssiejjj

  2. whoami
    • Amateur hacker and developer combined.
    • Open-source lover.
    • Author of kind of famous projects: Osmedeus, Jaeles and Metabigor.
    • Acknowledged by / security hall of fame: Microsoft, StackOverflow, DoD, Django, IBM, Sony, Dell, Adobe, Mastercard, Ford and so on.
    @j3ssiejjj
    https://github.com/j3ssie

  3. Outline
    • Why?
    • Architecture
    • Showcases
    https://github.com/jaeles-project/jaeles

  4. Why build Jaeles? To build:
    • A scanner that can take advantage of your experience.
    • Something that can check one or many things on many hosts.
    • Something that is easily extensible.
    • A scanner that you can totally control.
    • Something flexible that lets you easily integrate with other tools.

  5. What can Jaeles do?
    • Checking for known vulnerabilities.
    • Fuzzer.
    • Directory brute force / Content discovery.
    • Technology fingerprint.
    • Probing HTTP.
    • Monitor.
    • And more!
    It depends on your creativity.

  6. Architecture

  7. Architecture
    Requests or URLs can be provided in many ways.

  8. Architecture
    The signature file is written in YAML format.

  9. Signature In-depth
    There are 3 kinds of signatures: single, list, fuzz.

  10. Signature In-depth 》Info
    Used to define the type of signature and to index the signature in a DB.

  11. Info
    Reference Info

  12. Signature In-depth 》Origin Request
    The original request, used for comparison in detection.

  13. Origin Request
    Replaced by variable

  14. Signature In-depth 》Variables & Payloads
    Resources for building lists of requests from a single file. The format follows Go's default template engine.
    Payloads are only available in fuzz signatures.

  15. Signature In-depth 》Variables & Payloads
    Default variables parsed from URL input

  16. Variables
    Replaced by variable

  17. Signature In-depth 》Variables & Payloads
    Some variable APIs generate many requests from one signature.

  18. Variables API
    Replaced by variable

  19. Signature In-depth 》Payloads
    Resources for building lists of requests from a single file. The format follows Go's default template engine.

  20. Generator
    Payload

  21. Signature In-depth 》Request Builder
    Builds a list of requests from the input and detects whether it is vulnerable or not.

  22. Signature In-depth 》Request Builder 》Request Component
    Detailed information about the request, such as method, URL, headers, etc.

  23. Request Component

  24. Request Component

  25. Signature In-depth 》Request Builder 》Detections
    Applies logic from the detection script to determine whether the request is vulnerable or not.

  26. Signature In-depth 》Request Builder 》Detections
    Detections are written in JavaScript, so you can write whatever you want with the predefined functions below, as long as you return a boolean value indicating whether something was found or not.

  28. Multiple Detections

  29. Demo
    https://www.youtube.com/playlist?list=PLqpLl_iGMLnCBBC-TQZVxQAoFXWjTlGoV
    https://jaeles-project.github.io/showcases/

  30. Signature In-depth 》Request Builder 》Generators & Encoding
    Only available in fuzz signatures.
    Provides functions that generate requests from the template request and the payloads.

  31. Signature In-depth 》Request Builder 》Generators & Encoding
    Path("{{.payload}}", "*")
    Replaces each path of the request with the payload.
    Header("{{.payload}}", "X-Filename")
    Adds a new X-Filename header to the request or replaces an existing one.
    Query("{{.original}}{{.payload}}"); Method("PUT")
    Appends the payload to each query value and changes the method to PUT.

  32. Generators
    Use Payloads with variables

  33. Signature In-depth 》Request Builder 》Middleware
    Performs extra tasks before sending a request to the target.

  34. Passive Detection
    Like the Detection part, but checked against every request.

  35. Passive Detection
    Or it can be triggered only for specific requests that satisfy the detection.

  36. Burp Integration

  37. Burp Integration

  38. Burp Integration

  39. Web UI
    Web UI powered by React

  40. Web UI

  43. Planned Features
    • Adding more signatures.
    • Adding more input sources.
    • Adding proxy plugins to directly receive input from a browser or HTTP client.
    • Adding passive signatures for passively checking each request.
    • Adding more APIs to get access to more properties of the request.
    • Integrating with many other tools.

  44. Takeaways
    Official Documentation: https://jaeles-project.github.io/
    If you didn't find anything blame your signature, not my tool :P
    @j3ssiejjj

  45. Thank you for your attention!
    @j3ssiejjj
    Support me at https://jaeles-project.github.io/donation/

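The Path and Query generator calls on slide 31, modelled in Go with the template syntax named on slides 14 and 19, to show how one generator line expands into several requests. This is an added example, not code from the deck or from the Jaeles project. Assumptions: render, PathVariants and QueryVariants are hypothetical names, the lab.example URL and the CANARY marker are constructed, and emitting one request per path segment or per query parameter is a guess at how the generators expand.

```go
package main

import (
	"bytes"
	"fmt"
	"net/url"
	"strings"
	"text/template"
)

// render fills a generator template; .original and .payload are the names used on the slide.
func render(tmpl, original, payload string) string {
	var buf bytes.Buffer
	data := map[string]string{"original": original, "payload": payload}
	template.Must(template.New("gen").Parse(tmpl)).Execute(&buf, data)
	return buf.String()
}

// PathVariants models Path(tmpl, "*"): one URL per path segment, with that segment rewritten.
func PathVariants(u url.URL, tmpl, payload string) (out []string) {
	segs := strings.FieldsFunc(u.Path, func(r rune) bool { return r == '/' })
	for i := range segs {
		m := append([]string{}, segs...) // copy so only segment i differs
		m[i] = render(tmpl, segs[i], payload)
		u.Path, u.RawPath = "/"+strings.Join(m, "/"), ""
		out = append(out, u.String())
	}
	return out
}

// QueryVariants models Query(tmpl); one URL per parameter is an assumption of this sketch.
func QueryVariants(u url.URL, tmpl, payload string) (out []string) {
	pairs := strings.FieldsFunc(u.RawQuery, func(r rune) bool { return r == '&' })
	for i, p := range pairs {
		k, v, _ := strings.Cut(p, "=")
		orig, _ := url.QueryUnescape(v) // the template sees the decoded original value
		m := append([]string{}, pairs...)
		m[i] = k + "=" + url.QueryEscape(render(tmpl, orig, payload))
		u.RawQuery = strings.Join(m, "&")
		out = append(out, u.String())
	}
	return out
}

func main() {
	u, _ := url.Parse("https://lab.example/api/users?id=7&sort=asc") // constructed input
	fmt.Println(PathVariants(*u, "{{.payload}}", "CANARY"))
	fmt.Println(QueryVariants(*u, "{{.original}}{{.payload}}", "CANARY"))
}
```

Under these assumptions the request count grows as payloads × (segments + parameters) per input URL, which is the number to check against a target's agreed rate limits before running a fuzz signature.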