OWASP OWTF

Implementation owtf Botnet mode module.

Marios Kourtesis

Mentor: Abraham Aranguren

Table of Contents

● What is Botnet Mode

● How it works

● TOR mode

– Advantages

– Disadvantages

● Proxy List mode

– ProxyMiner

– ProxyManager

– Advantages

– Disadvantages

– Proxy List mode Diagram

● Behind The Scenes

● Sources

What it Botnet Mode?

The main purpose of this feature is to detour potential ip-filtering that defenders might attempt in order to prevent our scan.

When it is enabled it applies anonymity to all tools that are used from OWTF.

How it Works

Botnet mode works in two different ways.

● TOR mode

– Each Http request will pass thow TOR Network[1].

● Proxy List mode

– Each Http request will pass throw a different proxy.

TOR mode

● Starts TOR daemon.

● Every request passes throw TOR network.

● User can configure in how many time to automatically change his IP address.

● User can configure after how many request wants to change his IP address.

TOR mode Advantages

● High level of anonymity.

● Good option for professional testing without privileges.

TOR mode Disadvantages

● TOR network is very slow.

● Some TOR proxy routers are owned by government.

Proxy List mode

● Each Http request will pass throw a different proxy.

● Support public and private proxy lists.

● The proxies could be imported as a list.

● The proxies also could be fetched automatically with the ProxyMiner* from the web.

● Recovery support for dead proxies.

*ProxyMiner(Described in the next slides)

ProxyMiner

ProxyMiner is a feature that searches on the web for proxies and passes them to ProxyManager(next slide). By the time you have enabled Botnet mode, ProxyMiner will ask user if he wants to start the mining process before the scanning process begins.

● It runs continuously and mines proxies(optionally).

● It has a big list of websites that contain proxies.

● Handles dead proxies.

ProxyManager

Proxy manager handles all proxies that are passed from ProxyMiner or imported from a list.

● It is responsible to handle dead proxies.

● It sorts proxies by speed or country.

● It puts dead proxies in a blacklist.

● It keeps Statistics about proxies.

Proxy List mode Advantages

● High speed scan.

● Provides better anonymity level than using a simple proxy.

● You can have proxies list automatically.

● If you don't trust ProxyMiner's proxies you can import your proxy list.

Proxy List mode Disadvantages

● Proxies mined from the web are not confidential.

Proxy List mode diagram

Behind the Scenes

● For the Data mining process i will use Beautiful Soup(python library[2]). Beautiful soup is implemented in both python 2.7 and python 3 so it is a great choice for future plan of porting owtf to python 3.

● The data structure for the proxy list will be the following:

(ip, port, speed, country, type,send_requests, user, password)

● The implementation will use the MiTM proxy[3].

Sources

● [1]”TOR”, url: [ https://www.torproject.org/about/overview.html.en ]

● [2]”Beautiful Soup Documentation”, url: [http://www.crummy.com/software/BeautifulSoup/bs4/doc/]

● [3]”MiTM Proxy”, url: [http://www.slideshare.net/abrahamaranguren/owasp-owtf-summer-storm-owasp-appsec-eu-2013], pp. 43-53.