Thursday, August 1, 2013

What's new in IronWASP v0.9.6.5

IronWASP v0.9.6.5 is now available for download. Users of older versions should get an update prompt when using IronWASP. This is what you get with the new version.

1) Completely redesigned awesome new Results section
2) Support for editing, scanning and fuzzing SOAP messages
3) New active checks for Server Side Includes, Sever Side Request Forgery and Expression Language Injection
4) New passive check for JSON messages that are vulnerable to JSON hijacking
5) Significantly faster and robust parsers for XML, JSON and Multi-part messages with auto-detection support
6) Enhancements to the Payload Effect Analysis feature
7) Enhancements to the Scan Trace Viewer feature
8) Ability to create Request in Manual Testing section from clipboards
9) New Network address parsing APIs
10) Update to FiddlerCore v2.4.4.8

I will give a quick peek at some of these new features below.

New Results Section:

The Results section now automatically highlights the interesting sections of the Request and Response along with some description of what is being highlighted.

There is a new Trigger Analysis Tools section that gives lot of capabilities that were not available earlier. In the case of the above example if you wanted to see what is the difference between this response and the response sent by the server when normal data was sent, it can be done in just 3 clicks.

Go in to 'Trigger Analysis Tools' check Normal, check Trigger 1 and then click on 'Diff Request/Response of Selected Items' buttons.

If you wanted to check out all the logs and payloads associated with this scan then that is just one-click away. Just click on the big button named 'Show the Payload. Requests & Responses.....'.

SOAP Message Format Support:

SOAP messages are automatically detected and parsed. If you are trying to scan or fuzz a SOAP message then the injection points are automatically set according to the format.

RAW SOAP Message:

Parsed SOAP Message available for editing:

Enhanced Payload Effect Analysis:

Payload Effect Analysis feature now produces eye-friendly and easy to consume summary for the detected Anomalies.

Enhanced Scan Trace Viewer:

The Scan Trace Viewer has been given many improvements. There is color highlighting for each the log entries based on the scan trace messages.
For example, for every scan trace the baseline request/response is the first row and it is now highlighted in green along with a message specifying this.

Clicking on any of the rows will show the request/response of that log, in addition a color highlighted diff of the selected log and the baseline log is also displayed. It makes analysis easy and quick.

For example in the screenshot below, when the log where the payload to display the /etc/passwd file is sent is clicked, the differences between the response shows that the baseline response did not have the /etc/passwd file contents but the response for this payload does have these values.

This section now also holds the Payload Effect Analysis results. Everytime you load a Scan Trace entry in to the viewer Payload Effect Analysis is automatically performed and the results displayed.

Clicking on any of the anomalies also displays the request/response associated with it.

This level of analysis on the scanner logs is not available in any other tool in the market no matter how many thousands of dollars you are willing to spend. In IronWASP you get all this for free!!

There is a lot planned for the next major release, be prepared for a few surprises :)

Bug reports or feedback on this version are most welcome, either on the IronWASP mailing list, my IronWASP email id, my twitter account or the IronWASP Facebook page.


No comments:

Post a Comment