
2.0. CustomActiveScan Main Panel

gdgd009xcd edited this page Mar 12, 2024 · 15 revisions

Rule configuration

In the CustomActiveScan Main Panel you can select and configure additional scanner rules. Currently two rule types are provided:

1. "SQL" rule type

[screenshot: CustomActiveScanPanel1]
The "SQL" rule is the default CustomActiveScan rule. It performs a boolean-based SQL injection test using true/false/error SQL injection patterns.
The table shown above consists of the following columns:

  • Modify: How the pattern is embedded into the original value.
    • Add - appends the pattern to the tail of the original value.
    • Replace - replaces the original value entirely with the pattern.
    • JSON - only used for requests whose Content-Type is application/json.
      Similar to Replace, but if the original value is enclosed in quotes as a JSON string, it replaces the original value, including the enclosing quotes, with the pattern.
  • TrueValue pattern: (required) A pattern value that yields a response equivalent to the original.
  • FalseValue pattern: (required) A pattern value that yields a failed response compared with the original.
  • ErrorValue pattern: (optional) A pattern value that evaluates as a SQL error.
  • TrueName pattern: (optional) A pattern for the parameter name used with the TrueValue pattern.
  • FalseName pattern: (optional) A pattern for the parameter name used with the FalseValue pattern.
  • ErrorName pattern: (optional) A pattern for the parameter name used with the ErrorValue pattern.
    ※ You can change these patterns at any time, but when you do, a save dialog appears; use it to save the patterns to a JSON file.
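The three Modify types differ only in how the pattern token lands in the request body, and the JSON case is the one that is easy to get wrong: the quoted string value has to disappear together with its quotes so that the pattern can stand in as a bare JSON token. The following Python is an added illustration written for this page, not code from the CustomActiveScan add-on; it models Add and Replace on a form-encoded body and JSON on a JSON body, with constructed placeholder patterns (`PAT`, `<TRUE_PATTERN>`) rather than any real rule pattern.

```python
import re

# Constructed placeholder patterns standing in for the rule's TrueValue/FalseValue
# entries; they are not the add-on's own patterns.
TRUE_PATTERN = "<TRUE_PATTERN>"
FALSE_PATTERN = "<FALSE_PATTERN>"


def modify_form_param(body: str, name: str, pattern: str, modify: str) -> str:
    """Apply the Add or Replace Modify type to one parameter of a form body.

    Values are kept raw (no percent decoding/encoding) so the embedded pattern
    reaches the body exactly as written in the rule table.
    """
    out = []
    found = False
    for pair in body.split("&"):
        key, sep, value = pair.partition("=")
        if key == name:
            found = True
            if modify == "Add":
                value = value + pattern          # Add: pattern appended to the tail
            elif modify == "Replace":
                value = pattern                 # Replace: whole value swapped out
            else:
                raise ValueError(f"unsupported Modify type for form body: {modify}")
        out.append(key + sep + value if sep or key != name else key + "=" + value)
    if not found:
        raise KeyError(name)
    return "&".join(out)


def modify_json_param(body: str, name: str, pattern: str) -> str:
    """Apply the JSON Modify type: replace the value token of `name`.

    If the value is a JSON string, the enclosing quotes are replaced along with
    the value; a bare literal (number, true/false/null) is replaced as-is.
    """
    value_token = r'"(?:[^"\\]|\\.)*"|[^,}\]\s]+'
    rx = re.compile(r'("%s"\s*:\s*)(%s)' % (re.escape(name), value_token))
    new_body, n = rx.subn(lambda m: m.group(1) + pattern, body, count=1)
    if n == 0:
        raise KeyError(name)
    return new_body


def embed(body: str, content_type: str, name: str, pattern: str, modify: str) -> str:
    """Dispatch on the Modify column, enforcing the JSON-only restriction."""
    if modify == "JSON":
        if not content_type.lower().startswith("application/json"):
            raise ValueError("JSON Modify type requires an application/json request")
        return modify_json_param(body, name, pattern)
    return modify_form_param(body, name, pattern, modify)


if __name__ == "__main__":
    print(embed("id=5&x=a", "application/x-www-form-urlencoded", "id", TRUE_PATTERN, "Add"))
    print(embed('{"id": "5", "x": 1}', "application/json", "id", FALSE_PATTERN, "JSON"))
```

Note that the JSON regex only handles a flat `"name": value` pair; nested objects or arrays as values would need a real JSON walk, which the add-on's own implementation may or may not do.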

2. "PenTest" rule type

The "PenTest" rule simply adds attack patterns to the request and detects specified keywords in the response. [screenshot: Pentest1]
A PenTest pattern consists of the following:

TrueValue pattern: a pattern value that is added at the insertion point in the request.

You can add, change and delete detection keywords in the "Regexes for detecting keywords in response results" pane below.
[screenshot: regexkeyword]
To add a detection keyword, select Add item in the popup menu and enter the keyword as a regular expression. [screenshot: regexkeywordinput]
To check that the keyword is a valid regular expression, press the Test button; the regex test dialog opens. Paste the response text you want to search and press the Test button. [screenshot: regexkeywordtest]
Press the OK button to add the keyword.

3. Add/copy/save/load/select rule

You can add (new), copy, save and load rules from the following menu.
[screenshot: customRuleMenu]
You can select an existing rule from the following menu.
[screenshot: customRuleSelection]

4. Configure scan idle time and pause counter

You can set the scan idle time, which is the wait time between each request sent. [screenshot: customIdlePauseConfig]

  • Min.idl.Time: Minimum wait time (ms)
  • Max.idl.Time: Maximum wait time (ms)
  • Rand.Idl.TIME: If checked, the wait time is chosen randomly between Min.Idl.Time and Max.idl.Time. If not checked, the wait time is the larger of Min.Idl.Time and Max.idl.Time.
  • Req.Cnt: If this value is greater than 0 and the ScanLogPanel check box is checked, the scan pauses after the number of requests sent reaches this value (described in detail in the ScanLog Panel section below).

5. Decode URLEncoded(%XX) value check box

If you check this, %-encoded hexadecimal values are converted to binary data before being embedded in the parameter.
This makes it possible to embed binary data for detecting database error messages caused by illegal characters, etc. [screenshot: decodeURLEncodedValue]

ScanLog Panel

1. ScanLogPanel popup check box

If you check "response results output to "ScanLog" window", the ScanLog Panel appears when the active scan starts.
[screenshot: outputtoscanlog]
The ScanLog Panel has functionality similar to the History panel. One difference is that the ScanLog Panel has columns for the count of keywords detected in the response.
[screenshot: scanlogpanel1]
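The keyword count shown in the ScanLog columns is the same regex matching the PenTest rule's "Regexes for detecting keywords in response results" pane configures, and the Test button in that pane is just a check that the keyword compiles and matches pasted response text. The following Python is an added example for both passages, not code from the add-on: it validates keywords the way the Test button would, then counts matches per keyword over a constructed sample response. The two sample keywords are generic database error signatures chosen here for illustration; the response text is invented.

```python
import re

# Constructed sample response body for the demonstration (not a real capture).
SAMPLE_RESPONSE = """<html><body>
<h1>Search results</h1>
<p>Warning: You have an error in your SQL syntax near 'x'</p>
<p>ORA-00933: SQL command not properly ended</p>
</body></html>"""


def validate_regex(keyword: str) -> tuple[bool, str]:
    """Mirror the Test button: report whether the keyword compiles as a regex."""
    try:
        re.compile(keyword)
        return True, ""
    except re.error as exc:
        return False, str(exc)


def count_keywords(keywords: list[str], response_text: str) -> dict[str, int]:
    """Count matches of each keyword regex in the response, case-insensitively.

    finditer (not findall) is used so keywords containing capture groups
    still count whole matches rather than group contents.
    """
    counts = {}
    for kw in keywords:
        ok, err = validate_regex(kw)
        if not ok:
            raise ValueError(f"invalid regex keyword {kw!r}: {err}")
        counts[kw] = sum(1 for _ in re.finditer(kw, response_text, re.IGNORECASE))
    return counts


def total_detected(counts: dict[str, int]) -> int:
    """Number of keywords that matched at least once (one ScanLog-style column)."""
    return sum(1 for c in counts.values() if c > 0)


if __name__ == "__main__":
    keywords = [r"SQL syntax", r"ORA-\d{5}", r"no such table"]
    result = count_keywords(keywords, SAMPLE_RESPONSE)
    for kw, c in result.items():
        print(f"{kw!r}: {c}")
    print("keywords detected:", total_detected(result))
```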

2. Pause (temporarily stop) scanning

If you set Req.Cnt to a value greater than 0 and check the ScanLogPanel check box in the CustomScan Main Panel, the scan pauses after the number of requests sent reaches this value. The following shows the scan paused after sending two requests.
[screenshot: customPause]
You can continue scanning until the next pause by clicking the ▶pause button. To cancel the pause action, set Req.Cnt to 0.

3. ScanLogPanel popup menu

The following shows the ScanLogPanel popup menus.
[screenshot: customScanLogPopupMenu]
showMessage: displays the Result Dialog, which shows the scan result selected in the ScanLogPanel with its Request/Response/Alert details.
sendMessage: sends the request of the selected scan result to AutoMacroBuilder.

The other menus are the standard zaproxy menus.

4. Result Dialog

The following shows the Result Dialog, which displays the request/response/Alert details of the selected scan result.
In the Response(LCS) TextPane, response text in blue indicates text that is the same as the original response text;
text in bold black indicates text that differs from the original.
[screenshot: customResultDialog]
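The "LCS" in the pane's name refers to a longest-common-subsequence comparison between the original response and the scan response: tokens on the common subsequence are what the dialog paints blue, everything else is the bold black difference that an analyst reads to judge a true/false/error pattern. The Python below is an added example for this page, not the add-on's implementation; it runs a word-level LCS and groups the response into same/different segments, which is enough to see how the highlighting is derived. Word-level tokenisation is this example's choice; the real pane may compare at character level.

```python
def lcs_segments(original: str, response: str) -> list[tuple[str, bool]]:
    """Split `response` into (text, same_as_original) segments using an LCS.

    Tokens of the response that lie on a longest common subsequence with the
    original are flagged True (blue in the dialog); the rest False (bold black).
    Tokens present only in the original have nothing to show on the response
    side and are skipped.
    """
    a, b = original.split(), response.split()
    n, m = len(a), len(b)

    # dp[i][j] = LCS length of a[i:] and b[j:], filled from the ends backwards.
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])

    segments: list[tuple[str, bool]] = []

    def push(tok: str, same: bool) -> None:
        # Merge runs of tokens with the same flag into one segment.
        if segments and segments[-1][1] == same:
            segments[-1] = (segments[-1][0] + " " + tok, same)
        else:
            segments.append((tok, same))

    i = j = 0
    while i < n and j < m:
        if a[i] == b[j]:
            push(b[j], True)
            i += 1
            j += 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1                      # original-only token: nothing to show
        else:
            push(b[j], False)           # response-only token: a difference
            j += 1
    while j < m:                        # trailing response tokens are differences
        push(b[j], False)
        j += 1
    return segments


def render_markdown(segments: list[tuple[str, bool]]) -> str:
    """Text rendering of the highlighting: differing segments in **bold**."""
    return " ".join(text if same else f"**{text}**" for text, same in segments)


if __name__ == "__main__":
    # Constructed responses for the demonstration.
    orig = "1 row found for user alice"
    resp = "Warning: SQL error near user alice"
    segs = lcs_segments(orig, resp)
    print(segs)
    print(render_markdown(segs))
```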
