Penetration Testing mailing list archives

Re: AppScan and IDS evasion

From: bigbert007 <bigbert007 () gmail com>
Date: Tue, 27 May 2008 10:47:48 -0400

You could slow down the testing. Don't launch a full bore scan, pickone or two tests at a time. If you're looking for XSS or SQL injection,only use those tests. AppScan and any other web scanner is REALLY noisy.


If you can grab another IP from your provider I'd attack it that way.

Cheers!


Pen Testing wrote:

Hello,

I've launched AppScan against a web application and I'm being
blocked/banned (since I have a dynamic IP I can reboot my router and
get another IP, which is shortly banned again, as long as the attack
persists). Since AppScan doesn't have any kind of IDS evasion (AFAIK),
what could I do?

Of course, I can perform a manual audit (which I was going to do
anyway, automatic scanners are only the first phase) but do you have
other ideas to bypass the locking mechanism? Perhaps I could put in
place some kind of proxy applying IDS-evasion techniques, so I could
configure AppScan to use that proxy, and this last one would be in
charge of manipulate/rewrite the requests to bypass IDS. Does such a
proxy exist?

It would be nice if you could point to some good and practical
anti-IDS paper, doc and tools.

Thank you.

PS: I don't know which kind of IDS is in use (perhaps it's not a
full-IDS but some anomaly detection as the one included in Checkpoint
FW-1 but I don't have that information).

Cheers,
-q

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakesin Securing Web ApplicationsFind out now! Get Webinar Recording and PPT Slides


www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------




---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080527-0, 05/27/2008
Tested on: 5/27/2008 10:47:50 AM
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakesin Securing Web ApplicationsFind out now! Get Webinar Recording and PPT Slides


www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Current thread:

AppScan and IDS evasion Pen Testing (May 24)
- RE: AppScan and IDS evasion Erin Carroll (May 24)
  - Re: AppScan and IDS evasion Yuli Stremovsky (May 24)
    - RE: AppScan and IDS evasion Erin Carroll (May 26)
- Re: AppScan and IDS evasion bigbert007 (May 28)
  - Re: AppScan and IDS evasion Todd Haverkos (May 29)
    - Re: AppScan and IDS evasion Sanjay R (May 31)