Recipe 5-9: Detecting Additional Parameters
This recipe demonstrates how to find out when additional, unexpected parameters are added to a request.
Ingredients
- OWASP AppSensor
- Additional/Duplicate Data in Request
- ModSecurity
- modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf
- modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf
- appsensor_request_exception_enforce.lua
- appsensor_request_exception_profile.lua
After the Lua profiling scripts outlined in Recipe 1-1 have completed for this resource, we have the following learned profile:
Resolved macro %{request_headers.host} to: 192.168.168.128
Resolved macro %{request_filename} to: /dvwa/vulnerabilities/brute/
Read variable: name "__expire_KEY", value "1334936349".
Read variable: name "KEY", value "192.168.168.128_/dvwa/vulnerabilities/brute/".
Read variable: name "TIMEOUT", value "3600".
Read variable: name "__key", value "192.168.168.128_/dvwa/vulnerabilities/brute/".
Read variable: name "__name", value "resource".
Read variable: name "CREATE_TIME", value "1334932695".
Read variable: name "UPDATE_COUNTER", value "10".
Read variable: name "min_pattern_threshold", value "5".
Read variable: name "min_traffic_threshold", value "10".
Read variable: name "traffic_counter", value "10".
Read variable: name "ARGS:username_length_8_counter", value "5".
Read variable: name "ARGS:password_length_9_counter", value "5".
Read variable: name "LAST_UPDATE_TIME", value "1334932749".
Read variable: name "enforce_request_methods", ...
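How an enforcement step can use a profile like the one above, as an added Python example written for this page (it is not the cookbook's appsensor_request_exception_*.lua scripts): it parses the "Read variable" lines, treats a parameter as learned once its counter reaches min_pattern_threshold, and reports any request parameter outside that set once traffic_counter has reached min_traffic_threshold. The threshold semantics, the embedded log excerpt and the sample query strings are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs

# Constructed sample: the profile entries from the debug log above, one per line.
PROFILE_LOG = """\
Read variable: name "min_pattern_threshold", value "5".
Read variable: name "min_traffic_threshold", value "10".
Read variable: name "traffic_counter", value "10".
Read variable: name "ARGS:username_length_8_counter", value "5".
Read variable: name "ARGS:password_length_9_counter", value "5".
"""

VAR_RE = re.compile(r'Read variable: name "([^"]+)", value "([^"]*)"\.')
# Assumed naming convention, taken from the entries shown: ARGS:<name>_length_<n>_counter
ARG_RE = re.compile(r'^ARGS:(.+)_length_(\d+)_counter$')


def parse_profile(log_text):
    """Turn the 'Read variable' debug lines into a name -> value dict."""
    return {m.group(1): m.group(2) for m in VAR_RE.finditer(log_text)}


def learned_parameters(profile):
    """Parameter names seen often enough to enforce, or None while the
    resource is still below its traffic threshold (profiling not finished)."""
    if int(profile.get("traffic_counter", 0)) < int(profile.get("min_traffic_threshold", 0)):
        return None
    min_pattern = int(profile.get("min_pattern_threshold", 0))
    learned = set()
    for name, value in profile.items():
        m = ARG_RE.match(name)
        if m and int(value) >= min_pattern:
            learned.add(m.group(1))
    return learned


def additional_parameters(profile, query_string):
    """Names present in the request but absent from the learned profile.
    Returns an empty set while the profile is still being learned."""
    learned = learned_parameters(profile)
    if learned is None:
        return set()
    seen = set(parse_qs(query_string, keep_blank_values=True))
    return seen - learned


if __name__ == "__main__":
    profile = parse_profile(PROFILE_LOG)
    print(additional_parameters(profile, "username=admin&password=letmein&extra=1"))
```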