I'm frequently asked for the specific details of data sent and received in a
test,
a) so the server owner can verify themselves what the precise problem is (it
certainly helps convince them of the problem when they see their database
passwords revealed, for example (:-)
b) so I can check for false positives.
Currently I simply read the source, but then have to often repeat the
specific test with packet loggin on to determine precisely which part of the
test failed.
So my proposal is that the NASL engine should log the sent and received
data, so that it can optionally be printed out in reports, saved in
knowledge base and .nbe files, etc.
I suspect this does not need any change to the NASL language itself, just
that send() and recv() additionally log the data, and the log entry is
opened and closed when the test starts/stops. Quite likely open_sock_tcp()
and similar might be used to separate parts of a multi-test script (e.g when
trying out different cgi-bin locations), so that only the failing portion
gets logged.
Andrew Yeomans (Andrew.Yeomans@drkw.com)
Global IT Security Technology, Dresdner Kleinwort Wasserstein
Tel: 020 7475 9086 Fax: 020 7475 5388 Mobile: 07967 225095
----------------------------------------------------------------------
If you have received this e-mail in error or wish to read our e-mail
disclaimer statement and monitoring policy, please refer to
http://www.drkw.com/disc/email/ or contact the sender.
----------------------------------------------------------------------
test,
a) so the server owner can verify themselves what the precise problem is (it
certainly helps convince them of the problem when they see their database
passwords revealed, for example (:-)
b) so I can check for false positives.
Currently I simply read the source, but then have to often repeat the
specific test with packet loggin on to determine precisely which part of the
test failed.
So my proposal is that the NASL engine should log the sent and received
data, so that it can optionally be printed out in reports, saved in
knowledge base and .nbe files, etc.
I suspect this does not need any change to the NASL language itself, just
that send() and recv() additionally log the data, and the log entry is
opened and closed when the test starts/stops. Quite likely open_sock_tcp()
and similar might be used to separate parts of a multi-test script (e.g when
trying out different cgi-bin locations), so that only the failing portion
gets logged.
Andrew Yeomans (Andrew.Yeomans@drkw.com)
Global IT Security Technology, Dresdner Kleinwort Wasserstein
Tel: 020 7475 9086 Fax: 020 7475 5388 Mobile: 07967 225095
----------------------------------------------------------------------
If you have received this e-mail in error or wish to read our e-mail
disclaimer statement and monitoring policy, please refer to
http://www.drkw.com/disc/email/ or contact the sender.
----------------------------------------------------------------------