Bill on Nostr: Weird convergence of real vulnerabilities, scanning tools, and research. If you use ...
Weird convergence of real vulnerabilities, scanning tools, and research.
If you use Nikto (or any other server scanner, ftm) on AWS or Azure they will eventually figure out that you are scanning them and shunt you to the flooding services. You can tell, because Nikto reports:
+ : Server banner changed from 'WhateverYourServerIs' to 'awselb/2.0'.
Now, those load balancing/rate limiting servers accept ANYTHING, so they have a Content-Encoding header. Because of that Nikto will immediately report BREACH.
+ /: The Content-Encoding header is set to "deflate" which may mean that the server is vulnerable to the BREACH attack. See: http://breachattack.com/
First time I saw this, I spun up all of the BREACH testing tools (the zen example is in C# which is nice) and failed and failed to exploit it before I realized that the BREACH report wasn't for the same server. I was testing a fancy honeypot. Doh!
The way to get more insight here is to proxy Nikto (or your scanner of choice) through Zap. It's really a lot of fun. -useproxy is the flag you want, for Nikto anyway.
#appsec #pentesting #BREACH
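As an added illustration (this is not part of Bill's post and not Nikto's own code), the following Python script triages Nikto output the way the post suggests: it tracks the "Server banner changed" events and, when a BREACH finding arrives after the banner has flipped to an edge/rate-limiting tier such as awselb, marks it as probably describing that tier rather than the origin server. The sample lines are constructed around the two Nikto lines quoted in the post; the edge-banner list is an assumption that contains only "awselb/" because the post names no other banner.

```python
import re
from dataclasses import dataclass

# Nikto prints findings as "+ <path>: <message>"; the banner-change notice has an empty path.
BANNER_CHANGE = re.compile(r"Server banner changed from '(?P<old>[^']*)' to '(?P<new>[^']*)'")
BREACH_FINDING = re.compile(r'Content-Encoding header is set to "(?P<enc>[^"]+)"')

# Assumed list of banners that mean an edge/rate-limiting tier answered instead of the origin.
# Only "awselb/" comes from the post; extend it with banners you have verified yourself.
EDGE_BANNERS = ("awselb/",)

VERDICT_EDGE = "likely-false-positive: response came from edge tier, not origin"
VERDICT_CHECK = "needs-manual-check: BREACH also needs a secret plus reflected input in the compressed body"


@dataclass
class Finding:
    line: str          # the raw Nikto line
    answered_by: str   # banner in effect when this line was produced
    verdict: str       # how a reviewer should treat it


def is_edge_banner(banner):
    """True if the banner belongs to the assumed edge/rate-limiting tier list."""
    return any(banner.lower().startswith(b.lower()) for b in EDGE_BANNERS)


def triage(nikto_lines, origin_banner):
    """Walk Nikto output in order, attributing each finding to the server that answered."""
    current = origin_banner
    findings = []
    for raw in nikto_lines:
        line = raw.strip()
        if not line.startswith("+"):
            continue  # version line, blank line, etc.
        m = BANNER_CHANGE.search(line)
        if m:
            current = m.group("new")
            findings.append(Finding(line, current, "banner-change"))
            continue
        if BREACH_FINDING.search(line):
            verdict = VERDICT_EDGE if (current != origin_banner and is_edge_banner(current)) else VERDICT_CHECK
            findings.append(Finding(line, current, verdict))
        else:
            findings.append(Finding(line, current, "attributed"))
    return findings


# Constructed sample output, modelled on the two lines quoted in the post.
SAMPLE_OUTPUT = """
- Nikto v2.1.6
+ Server: WhateverYourServerIs
+ /robots.txt: Entry '/admin/' is returned as present.
+ : Server banner changed from 'WhateverYourServerIs' to 'awselb/2.0'.
+ /: The Content-Encoding header is set to "deflate" which may mean that the server is vulnerable to the BREACH attack. See: http://breachattack.com/
"""


def sample_verdicts():
    """Return the verdict for each finding in the constructed sample, in order."""
    return [f.verdict for f in triage(SAMPLE_OUTPUT.splitlines(), "WhateverYourServerIs")]


if __name__ == "__main__":
    for f in triage(SAMPLE_OUTPUT.splitlines(), "WhateverYourServerIs"):
        print(f"[{f.answered_by}] {f.verdict}\n    {f.line}")
```

The point of the ordering is that Nikto's own output already tells you when the answering server changed; a BREACH line that only appears after that change should be re-verified directly against the origin (for example through the ZAP proxy the post mentions) before it goes into a report.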