0d1n Web Hacking Tool

0d1n is an open source tool for bruteforcing and fuzzing web applications. It can automate exhaustive tests to search for anomalies and potential vulnerabilities.

0d1n is an open source web application bruteforcer and fuzzer. Its objective is to automate exhaustive tests to search for anomalies that could potentially be vulnerabilities.

C was chosen for its fast performance and ability to run on different architectures. C also allows for optimizations and integrating assembly code when needed.


0d1n Web Hacking tool


Tool designed for bruteforcing Web Applications

Antonio Costa - CoolerVoid - coolerlair[aT]gmail[DOt]com

February 8, 2015

0d1n web hacking tool Page 1/1


Whoami
Author:
• Antonio Costa "CoolerVoid" is a computer programmer
who loves the hacker culture. He has worked as a system
analyst at CONVISO for three years. Antonio works with
code review, pentest and security research, with a focus on
secure web applications and reverse engineering. He has
also spoken at some Brazilian security conferences such
as YSTS, OWASP Florianopolis and Bsides Sao Paulo.

Introduction

Software Information:
• 0d1n is an open source web application bruteforcer and
fuzzer. Its objective is to automate exhaustive tests to
search for anomalies. From another point of view, these
anomalies can be vulnerabilities. These tests can cover web
parameters, files, directories, forms and others.
• 0d1n is released under the GPL v3 license:
https://github.com/CoolerVoid/0d1n/blob/master/LICENSE.txt



Introduction
Why is this tool written in C?
• C takes a long time to write and debug, but no pain, no
gain: it has fast performance. In addition, C runs on any
architecture, like MIPS, ARM and others, so mobile
implementations can follow in the future. Another benefit
of C is that it is well suited to writing optimizations; if you
want to write some lines in assembly with AES-NI or SIMD
instructions, it is a good choice.
• Why don't you use OOP? In this project I follow the "KISS"
principle: http://pt.wikipedia.org/wiki/Keep_It_Simple
• The C language has a lot of old-school dudes, like kernel
hackers...



Introduction

Requirements:
• You need "GCC" and "make"
• You must install "libcurl"
• Search for libcurl-devel or libcurl-dev in your package repository
• The current version has been tested only on Unix-like
systems (Linux, MacOS and *BSD).
• The current version runs well, but it is a beta version; you can
report bugs here: https://github.com/CoolerVoid/0d1n/issues



How you can use it

Follow these steps to download, decompress, compile and execute:

• wget https://github.com/CoolerVoid/0d1n/archive/master.zip;
• unzip master.zip; cd 0d1n-master; make; ./0d1n

First overview at parameters

Rules you need to know about parameters:

• Each parameter is a resource function to help you
• The character '^' (circumflex) is a lexical character: it
marks where the payload goes and is replaced by each line
of the payload text file
• You always need to use the "--log" parameter
• You always need to use the "--host" parameter
• The "--save_response" parameter, if used at the end of the
command, saves the responses of the requests, so if you click
on "status code" in the JavaScript table you can view the
response with highlights



First overview at parameters
Tamper resource:
• Tamper is a function that camouflages your payload;
this way you can try to bypass a web application firewall
• Each option uses a different technique to try to hide the payload
• Remember to use a proxy list per request to
try to stay stealthy and work without being blacklisted.



Example on XSS Attack
At test.php file you can view this source code, look don’t have
sanitization at POST input:



Example on XSS Attack

If you upload it to your HTTP server, when rendered in a
browser it returns the following:



Example on XSS Attack

Use the following command to test the application:

• ./0d1n --host http://localhost/test.php --post "car_name=^"
--payloads payloads/xss.txt --find_regex_list
payloads/guess.txt --log name_log --save_response



Example on XSS Attack
The command generates an HTML file with a JavaScript table:



Example on XSS Attack
If you click on the status number you can view the response with
highlights.
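
The fix for the missing sanitization, and the check that confirms it, as an added example (not code from the slides or from 0d1n). render() is a constructed stand-in for a page that echoes the car_name POST value; html_escape() and reflected_raw() are hypothetical helper names, and the probe string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* HTML-escape src into dst; returns 0, or -1 if dst (cap bytes) is too small. */
int html_escape(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = rep ? strlen(rep) : 1;
        if (n + len + 1 > cap) return -1;
        memcpy(dst + n, rep ? rep : src, len);
        n += len;
    }
    dst[n] = '\0';
    return 0;
}

/* Constructed stand-in for the page: echoes car_name, escaped or not. */
int render(const char *car_name, int escape, char *out, size_t cap)
{
    char safe[512];
    if (escape && html_escape(car_name, safe, sizeof safe) != 0) return -1;
    int w = snprintf(out, cap, "<p>Car: %s</p>", escape ? safe : car_name);
    return (w < 0 || (size_t)w >= cap) ? -1 : 0;
}

/* 1 if the submitted value appears verbatim in the response body. */
int reflected_raw(const char *body, const char *value)
{
    return strstr(body, value) != NULL;
}

int main(void)
{
    const char *probe = "<script>alert(1)</script>"; /* constructed probe */
    char body[1024];
    for (int esc = 0; esc <= 1; esc++) {
        if (render(probe, esc, body, sizeof body) != 0) return 1;
        printf("escape=%d reflected_raw=%d body=%s\n", esc, reflected_raw(body, probe), body);
    }
    return 0;
}
```

The reflection check only says something for probes that contain HTML metacharacters; a plain value comes back unchanged whether or not the page escapes its output.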



Example on XSS Attack

Another way to test: you can put your custom request in an external
file:



Example on XSS Attack

You can use this command for custom fuzzing:

• ./0d1n --host http://localhost/ --custom my_request.txt
--payloads payloads/xss.txt --find_string_list
payloads/guess.txt --log 133oooo5 --save_response
--timeout 5



Frenetic questions

• How do I authenticate to fuzz another application? You need
to load a cookie jar file.
• How do I use multiple special chars ^ to fuzz more
parameters? Yes, you can do it: put more ^ chars in the
parameters.
• How many threads can I use? It depends on your machine. I
recommend not sending a lot of requests to the server,
because this is a deep pitfall: you can take the server down,
and if the server runs in production you may lose money, and
this is not good...
• Do you have any doubts? E-mail me...



The End



Greets

• IAK, Sigsegv, M0nad, Slyfunky, RaphaelSC, pl4nkton,
gustavoRobertux, Muzgo, Mente binaria, Otacon...
• HB, F-117, Eremita, Clandestine, Loganbr, Geyslan,
Clodonil Trigo...
• my parents and friends...
• https://conviso.com.br/index.php/EN



Under construction...
