
Venari 1.4

Version 1.4 of Venari brings a cool new integration with Burp to help manual testers onboard site maps and vulnerabilities to improve testing efficiency. There is also a new category of automatic testing of access control vulnerabilities.


Burp Integration

There is a new Burp extension called Auto Mapper that is powered by Venari. Venari now fully integrates with Burp to provide automatic site mapping in tandem with automatic login, discovery and exploitation. You can initiate Venari scans from Burp and harvest the site map and issues in real time. Manual testers can then augment those results with the full power of Burp, the tool they are already familiar with.

The full integration is described in a YouTube video and also in a quick start article.

Resources

  • Quick Start Guide: step-by-step instructions

  • Video: describes setup and usage and has in-depth information about bullet-proof DOM-XSS testing without false positives

  • Download Auto Mapper JAR file: at the time of release the Auto Mapper extension is not yet in the Burp app store. Download the signed JAR file from the Assert Security web site

  • Auto Mapper GitHub repository: if you would rather inspect the extension code and build the JAR file manually, there are complete instructions in the readme file in the GitHub repository

Features

  • Automatic login using only credential information

  • Automatic site mapping via browser discovery and link spidering

  • Easy customization of discovery scope in the free Venari UI

  • Easy customization of exploit rules in the free Venari UI

  • Manually record workflows as needed for advanced use cases. Examples:

    • Create login workflows for cases where auto-login does not work

    • Create account with user registration workflow

  • Automatic XSS probing and fuzzing (reflected, DOM-based, stored)

  • CSRF testing

  • Broken session management testing

    • Session ID unchanged after login
    • Incomplete logout functionality
    • Credentials stored in cookie
  • Enable all rules in Venari CE (SQL Injection, Information disclosure, Cross-frame scripting and more)

  • Import Venari data into Burp

    • Site map from a completed job
    • All data from a completed job (site map and issues)
    • Issues for an application (aggregated from all scan jobs)



Automatic Session Management Testing

Venari CE 1.4 introduces new access control test automation and some new rules.

Active Rules

  • Incomplete Logout Functionality (CWE 613), severity MEDIUM

Passive Rules

  • Credentials Stored In Cookie (CWE 315), severity MEDIUM

  • Session ID Unchanged After Authentication (CWE 384), severity LOW
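
The two passive rules above can be expressed as checks over the cookies seen before and after login. The following is an added example, not Venari's implementation or rule syntax. It assumes the checker knows the login password and which cookie carries the session; the function names, cookie names and sample traffic are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import unquote

def cookies_from(set_cookie_headers):
    """Map cookie name -> value from raw Set-Cookie header values."""
    jar = {}
    for header in set_cookie_headers:
        pair = header.split(";", 1)[0]        # drop Path, HttpOnly, ...
        name, _, value = pair.partition("=")  # value may itself contain '='
        jar[name.strip()] = value.strip()
    return jar

def decodings(value):
    """Return the value raw, URL-decoded and (when valid) base64-decoded."""
    forms = {value, unquote(value)}
    for v in list(forms):
        try:
            padded = v + "=" * (-len(v) % 4)
            forms.add(base64.b64decode(padded, validate=True).decode("utf-8"))
        except (binascii.Error, UnicodeDecodeError):
            pass                              # not base64 text, ignore
    return forms

def session_id_unchanged(pre_login, login_response, session_cookies):
    """CWE 384: session cookies whose value survives authentication."""
    post_login = {**pre_login, **login_response}
    return sorted(n for n in session_cookies
                  if n in pre_login and post_login[n] == pre_login[n])

def credentials_in_cookie(jar, password):
    """CWE 315: cookies whose value exposes the password in any decoding."""
    return sorted(n for n, v in jar.items()
                  if any(password in d for d in decodings(v)))

# Constructed sample traffic (hypothetical names, not from a real application).
PASSWORD = "s3cr3t-Example"
PRE = cookies_from(["SESSIONID=7f3a9c21; Path=/; HttpOnly"])
LOGIN = cookies_from([
    "remember=" + base64.b64encode(b"alice:" + PASSWORD.encode()).decode() + "; Path=/",
    "theme=dark; Path=/",
])

if __name__ == "__main__":
    print("CWE 384:", session_id_unchanged(PRE, LOGIN, ["SESSIONID"]))
    print("CWE 315:", credentials_in_cookie(LOGIN, PASSWORD))
```

A login response that issues a fresh session value and stores only an opaque token in its cookies produces no findings from either check.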

Dynamic Parameters in Workflows

The workflow language now supports matching patterns in HTML snapshots during workflow playback. The matched data can be used as a parameter later in the workflow, which enables advanced scenarios.

As an example, imagine an e-commerce site that has rotating products on the landing page and allows searching by product ID. The new feature would be used as follows:

  • Record a workflow that navigates to a landing page on an e-commerce site and enters text in a search input and submits.

  • In the snapshot after the initial navigation, match on an HTML pattern that indicates a product ID.

  • Edit the workflow (YAML) in VS Code using the Assert Security Editor extension. (see section below)

  • After the workflow is edited to use the matched data in a parameter, the workflow will run as before and will dynamically find the product ID that is on the page. The workflow will then type that ID into the search form and click the search button.

These types of specialized workflows enable smarter discovery and better site mapping.

Visual Studio Code Extension

The free Assert Security extension for the popular VS Code editor enables rule, data set and workflow editing with IntelliSense and code snippets. The dynamic data feature described above is a good example of when workflow editing makes sense.

Requirements

  • Install the YAML extension (YAML Language Support by Red Hat)

  • Install the schema files using the command palette (Assert: Install Schema).

Install the Extension

Editing Workflows

The plugin automatically detects YAML and applies schema constraints to show errors and provide intellisense while editing.

The example below shows a partially typed workflow being completed with the help of intellisense and a completion snippet. The resulting YAML is a simple auto-login workflow that Venari uses to authenticate to a web application with forms-based login.

Editing Rules

The example below shows a partially typed rule being completed with the help of intellisense. The resulting YAML is a simple inspection rule used by Venari to search for validated private IPv4 address exposure.

Editing Data Sets

The example below shows a partially typed data set being completed with the help of snippets.