Full Disclosure mailing list archives
AppScan and IDS evasion
From: "Pen Testing" <quick.pentesting () gmail com>
Date: Sat, 24 May 2008 16:14:24 +0200
Hello, I've launched AppScan against a web application and I'm being blocked/banned (since I have a dynamic IP I can reboot my router and get another IP, which is shortly banned again, as long as the attack persists). Since AppScan doesn't have any kind of IDS evasion (AFAIK), what could I do? Of course, I can perform a manual audit (which I was going to do anyway, automatic scanners are only the first phase) but do you have other ideas to bypass the locking mechanism? Perhaps I could put in place some kind of proxy applying IDS-evasion techniques, so I could configure AppScan to use that proxy, and this last one would be in charge of manipulate/rewrite the requests to bypass IDS. Does such a proxy exist? It would be nice if you could point to some good and practical anti-IDS paper, doc and tools. Thank you. PS: I don't know which kind of IDS is in use (perhaps it's not a full-IDS but some anomaly detection as the one included in Checkpoint FW-1 but I don't have that information). Cheers, -q _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- AppScan and IDS evasion Pen Testing (May 24)
- Re: AppScan and IDS evasion Roman Medina-Heigl Hernandez (May 24)
- <Possible follow-ups>
- Re: AppScan and IDS evasion Elazar Broad (May 24)