Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: AppScan and IDS evasion

Re: AppScan and IDS evasion

From: bigbert007 <bigbert007_at_gmail.com>
Date: Tue, 27 May 2008 10:47:48 -0400

You could slow down the testing. Don't launch a full bore scan, pick
one or two tests at a time. If you're looking for XSS or SQL injection,
only use those tests. AppScan and any other web scanner is REALLY noisy.

If you can grab another IP from your provider I'd attack it that way.

Cheers!

Pen Testing wrote:
> Hello,
>
> I've launched AppScan against a web application and I'm being
> blocked/banned (since I have a dynamic IP I can reboot my router and
> get another IP, which is shortly banned again, as long as the attack
> persists). Since AppScan doesn't have any kind of IDS evasion (AFAIK),
> what could I do?
>
> Of course, I can perform a manual audit (which I was going to do
> anyway, automatic scanners are only the first phase) but do you have
> other ideas to bypass the locking mechanism? Perhaps I could put in
> place some kind of proxy applying IDS-evasion techniques, so I could
> configure AppScan to use that proxy, and this last one would be in
> charge of manipulate/rewrite the requests to bypass IDS. Does such a
> proxy exist?
>
> It would be nice if you could point to some good and practical
> anti-IDS paper, doc and tools.
>
> Thank you.
>
> PS: I don't know which kind of IDS is in use (perhaps it's not a
> full-IDS but some anomaly detection as the one included in Checkpoint
> FW-1 but I don't have that information).
>
> Cheers,
> -q
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes
> in Securing Web Applications
> Find out now! Get Webinar Recording and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>
>
>
> 

---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080527-0, 05/27/2008
Tested on: 5/27/2008 10:47:50 AM
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 28 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos