Tuesday, November 6, 2012

Diviner - OWASP Zed Attack Proxy Extension

Diviner is a unique platform that attempts to predict the structure of the server-side memory, source code and processes. It does so by executing scenarios aimed at fingerprinting behaviors that derive from specific lines of code, processes or memory allocations; by using a variety of coverage processes, content differentiation tests and entry point execution scenarios; and by using deduction algorithms that convert this information into a visual map of the application.

Diviner analyzes and reuses the requests found in ZAP's history at the moment of its activation, activates the application entry points under different extreme conditions, generates and isolates specific application behaviors, and uses the information obtained to predict the structure of the server-side memory, source code, and processes. These aspects are then presented in the form of a visual map, which includes leads, tasks and payload recommendations.

Diviner also attempts to analyze this information in order to locate potential leads for vulnerabilities, both simple and complex, and provides recommendations for detecting and exploiting them.
 

Video Demo:  

Using the Clairvoyance Feature to Gain Insight into the Server Memory, Code and Processes
Using the Advisor Feature to Detect SQL Injection via Session Attributes
Using the Advisor Feature to Detect XSS via Session Attributes
 

More info: http://sectooladdict.blogspot.com

Download: http://code.google.com
