Jaeles - The Swiss Army knife for automated Web Application Testing

j3ssie
December 06, 2019

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.
Official documentation: https://jaeles-project.github.io/
Official Repositories: https://github.com/jaeles-project/jaeles
Contact: @j3ssiejjj

Transcript

  1. Build your own automated Web Application Scanner with Jaeles Framework

    Ai Ho - @j3ssiejjj
  2. whoami

    • Amateur hacker and developer combined.
    • Open-source lover.
    • Author of kind of famous projects: Osmedeus, Jaeles and Metabigor.
    • Acknowledged by / Security hall of fame: Microsoft, StackOverflow, DoD, Django, IBM, Sony, Dell, Adobe, Mastercard, Ford and so on.

    @j3ssiejjj https://github.com/j3ssie
  3. Outline

    • Why?
    • Architecture
    • Showcases

    https://github.com/jaeles-project/jaeles

  4. Why build Jaeles?

    To build:
    • A scanner that can take advantage of your experience.
    • Something that can check one or many things on many hosts.
    • Something that is easily extensible.
    • A scanner that you can totally control.
    • Something flexible that lets you easily integrate with other tools.
  5. What can Jaeles do?

    • Checking for known vulnerabilities.
    • Fuzzer.
    • Directory brute force / Content discovery.
    • Technology fingerprint.
    • Probing HTTP.
    • Monitor.
    • And more! Depends on your creativity.
  6. Architecture

  7. Architecture

    Requests or URLs can be provided in many ways.

  8. Architecture

    Signature file is written in YAML format.

  9. Signature In-depth

    There are 3 kinds of signatures: single, list, fuzz.
  10. Signature In-depth 》Info

    Used to define the type of signature and to index the signature in a DB.
  11. Info Reference Info

  12. Signature In-depth 》Origin Request

    Original request to compare against in detection.

  13. Origin Request

    Replaced by variable

  14. Signature In-depth 》Variables & Payloads

    Resource for building lists of requests from a single file. The format follows the default Golang template engine. Payloads are only available in fuzz signatures.
  15. Signature In-depth 》Variables & Payloads

    Default variables parsed from URL input.
  16. Variables

    Replaced by variable

  17. Signature In-depth 》Variables & Payloads

    Some variables API to generate many requests by using one signature.
  18. Variables API

    Replaced by variable

  19. Signature In-depth 》Payloads

    Resource for building lists of requests from a single file. The format follows the default Golang template engine.
  20. Generator Payload

  21. Signature In-depth 》Request Builder

    Builds a list of requests from the input and detects whether it is vulnerable or not.
  22. Signature In-depth 》Request Builder 》Request Component

    Detailed info about the request, like method, URL, headers, etc.
  23. Request Component

  24. Request Component

  25. Signature In-depth 》Request Builder 》Detections

    Applies some logic based on the detection script to determine whether the request is vulnerable or not.
  26. Signature In-depth 》Request Builder 》Detections

    Detections are written in JavaScript, so you can write whatever you want with some predefined functions below, as long as you return a boolean value to indicate whether it found something or not.
  27. None
  28. Multiple Detections

  29. Demo

    https://www.youtube.com/playlist?list=PLqpLl_iGMLnCBBC-TQZVxQAoFXWjTlGoV
    https://jaeles-project.github.io/showcases/

  30. Signature In-depth 》Request Builder 》Generators & Encoding

    Only available in fuzz signatures. Provides some functions to generate requests based on the template request with payloads.
  31. Signature In-depth 》Request Builder 》Generators & Encoding

    • Path("{{.payload}}", "*"): Replace each path of the request with the payload.
    • Header("{{.payload}}", "X-Filename"): Add a new X-Filename header to the request or replace an old one.
    • Query("{{.original}}{{.payload}}"); Method("PUT"): Append the payload to each query value and change the method to PUT.
  32. Generators

    Use Payloads with variables

  33. Signature In-depth 》Request Builder 》Middleware

    Middleware: does some extra tasks before sending a request to the target.
  34. Passive Detection

    Like the Detection part, but checks every request.

  35. Passive Detection

    Or can be triggered only for a specific request if it satisfies the detection.
  36. Burp Integration

  37. Burp Integration

  38. Burp Integration

  39. Web UI

    Web UI powered by React

  40. Web UI

  41. None
  42. None
  43. Planned Features

    • Adding more signatures.
    • Adding more input sources.
    • Adding proxy plugins to directly receive input from browser of http client.
    • Adding passive signatures for passively checking each request.
    • Adding more APIs to get access to more properties of the request.
    • Integrate with many other tools.
  44. Takeaways

    Official Documentation: https://jaeles-project.github.io/

    If you didn't find anything, blame your signature, not my tool :P

    @j3ssiejjj
  45. Thank you for your attention!

    @j3ssiejjj

    Support me at https://jaeles-project.github.io/donation/
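
The Query generator on slide 31, sketched with Go's text/template, the template engine the deck says signatures follow. This is an added example, not Jaeles' own code and not part of the deck; `expandQuery`, the `lab.example` host, the marker payloads and the one-parameter-per-request behaviour are assumptions.

```go
package main

import (
	"bytes"
	"fmt"
	"net/url"
	"sort"
	"text/template"
)

// expandQuery mimics Query("<tmpl>"); Method("<m>") as the slides describe it:
// each query value is re-rendered from tmpl with .original and .payload.
// Assumption (not Jaeles' code): one parameter changes per generated request.
func expandQuery(rawURL, tmpl, method string, payloads []string) ([]string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	t, err := template.New("gen").Parse(tmpl)
	if err != nil {
		return nil, err
	}
	var keys []string
	for k := range u.Query() {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic output order
	var out []string
	for _, k := range keys {
		for _, p := range payloads {
			q := u.Query() // fresh copy: the other parameters keep their values
			var buf bytes.Buffer
			data := map[string]string{"original": q.Get(k), "payload": p}
			if err := t.Execute(&buf, data); err != nil {
				return nil, err
			}
			q.Set(k, buf.String())
			v := *u
			v.RawQuery = q.Encode()
			out = append(out, method+" "+v.String())
		}
	}
	return out, nil
}

func main() {
	// Constructed input: placeholder host and harmless marker payloads.
	reqs, err := expandQuery("http://lab.example/item?id=1&sort=asc", "{{.original}}{{.payload}}", "PUT", []string{"-A", "-B"})
	fmt.Println(reqs, err)
}
```

Two parameters and two payloads yield four requests, which shows how quickly one fuzz signature multiplies traffic against a target.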