| Logo | Scanner | Version | Vendor |
|---|---|---|---|
| (logo image not included) | Burp Suite Professional | 1.7.03 | PortSwigger |
Tested Against WAVSEP Version: |
| Detection Accuracy | Chart |
|---|---|
| 100.00% Detection Rate (136/136); 10.00% False Positives (1/10) | (chart image not included) |

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1 (1st & 2nd), 2-19 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1 (1st & 2nd), 2-19 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1 (1st & 2nd), 2-19; 200Error-Experimental-GET: 1 |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1 (1st & 2nd), 2-19; 200Error-Experimental-POST: 1 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1 (1st & 2nd), 2-19 (time-based plugin dramatically improves results) |
| Valid 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1 (1st & 2nd), 2-19 (time-based plugin dramatically improves results) |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 8 out of 8 | Detected: 1-8 (time-based plugin dramatically improves results) |
| Identical 200 Responses | HTTP POST (Body Parameters) | 8 out of 8 | Detected: 1-8 (time-based plugin dramatically improves results) |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 1 out of 10 | Case 6 |
| Detection Accuracy | Chart |
|---|---|
| 96.97% Detection Rate (64/66); 0.00% False Positives (0/7) | (chart image not included) |

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Reflected XSS | HTTP GET (Query String Parameters) | 32 out of 33 | Detected: 1-30 (1st & 2nd), 32; Missed: 31; RXSS-Experimental-GET: 1,3,5; DOM-XSS-Experimental: 1,2,3,4 (2,4 as DOM Redirect) |
| Reflected XSS | HTTP POST (Body Parameters) | 32 out of 33 | Detected: 1-30 (1st & 2nd), 32; Missed: 31; RXSS-Experimental-POST: 1,3,5 |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 0 out of 7 | None |
| Detection Accuracy | Chart |
|---|---|
| 69.12% Detection Rate (564/816); 12.50% False Positives (1/8) | (chart image not included) |

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 53 out of 68 | Overall: 1-24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 61, 62, 64, 65, 66; Path Traversal Detected: 1-24, 37-44, 53-60; Path Manipulation Detected: 25, 28, 31, 46, 48, 50, 62, 64, 66 47, 49, 61, 65; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 45 out of 68 | Overall: 1-6, 9-12, 15-18, 21, 22, 24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 62, 64, 65, 66; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 53 out of 68 | Overall: 1-24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 61, 62, 64, 65, 66; Path Traversal Detected: 1-24, 37-44, 53-60; Path Manipulation Detected: 25, 28, 31, 46, 48, 50, 62, 64, 66 47, 49, 61, 65; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 45 out of 68 | Overall: 1-6, 9-12, 15-18, 21, 22, 24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 62, 64, 65, 66; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 53 out of 68 | Overall: 1-24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 61, 62, 64, 65, 66; Path Traversal Detected: 1-24, 37-44, 53-60; Path Manipulation Detected: 25, 28, 31, 46, 48, 50, 62, 64, 66 47, 49, 61, 65; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 45 out of 68 | Overall: 1-6, 9-12, 15-18, 21, 22, 24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 62, 64, 65, 66; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 53 out of 68 | Overall: 1-24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 61, 62, 64, 65, 66; Path Traversal Detected: 1-24, 37-44, 53-60; Path Manipulation Detected: 25, 28, 31, 46, 48, 50, 62, 64, 66 47, 49, 61, 65; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 45 out of 68 | Overall: 1-6, 9-12, 15-18, 21, 22, 24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 62, 64, 65, 66; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Redirect (302) Responses | HTTP GET (Query String Parameters) | 53 out of 68 | Overall: 1-24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 61, 62, 64, 65, 66; Path Traversal Detected: 1-24, 37-44, 53-60; Path Manipulation Detected: 25, 28, 31, 46, 48, 50, 62, 64, 66 47, 49, 61, 65; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Redirect (302) Responses | HTTP POST (Body Parameters) | 45 out of 68 | Overall: 1-6, 9-12, 15-18, 21, 22, 24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 62, 64, 65, 66; Previously Detected (int. disabled): 1-24, 37-44, 53-60 |
| Erroneous 404 Responses | HTTP GET (Query String Parameters) | 38 out of 68 | Overall: 1-3, 9, 10, 15, 16, 21, 24, 25, 28, 31, 37-44, 46, 47, 48, 49, 50, 53-60, 61, 62, 64, 65, 66; Previously Detected (int. disabled): 1, 2, 4, 9, 10, 15, 16, 21, 24, 37-44, 53-60 |
| Erroneous 404 Responses | HTTP POST (Body Parameters) | 36 out of 68 | Overall: 1-3, 9, 10, 15, 16, 21, 24, 25, 28, 31, 37, 39-44, 46, 47, 48, 49, 50, 53, 55-60, 62, 64, 65, 66; Previously Detected (int. disabled): 1, 2, 4, 9, 10, 15, 16, 21, 24, 37, 39-44, 53, 55-60 |
| False Positive LFI Test Cases | HTTP GET (Query String Parameters) | 1 out of 8 | Case 02 (Case 01 was also identified, but a flaw/0day in Java at the time of testing actually caused the forward method to be vulnerable to Path Traversal) |
| Detection Accuracy | Chart |
|---|---|
| 85.19% Detection Rate (92/108); 0.00% False Positives (0/6) | (chart image not included) |

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Valid 200 Responses | HTTP POST (Body Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Identical 200 Responses | HTTP POST (Body Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Redirect (302) Responses | HTTP GET (Query String Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Redirect (302) Responses | HTTP POST (Body Parameters) | 8 out of 9 | Detected: 1-4, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Previously Detected: 1-7 (only 1-4 on normal mode) |
| Erroneous 404 Responses | HTTP GET (Query String Parameters) | 6 out of 9 | Detected: 1, 2, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Detected: 1, 2, 5, 7 (only 1, 2 on normal mode) |
| Erroneous 404 Responses | HTTP POST (Body Parameters) | 6 out of 9 | Detected: 1, 2, 5, 7, 8, 9 (5, 8, 9 as file path manipulation); Detected: 1, 2, 5, 7 (only 1, 2 on normal mode) |
| False Positive RFI Test Cases | HTTP GET (Query String Parameters) | 0 out of 6 | None |
I defined Firefox to use Burp as a proxy, accessed the various index pages (in different scans), used Burp to crawl them all, and verified that all the URLs were successfully crawled.

I then reduced the number of threads to 1, disabled the "remove duplicate items" feature on the scan wizard (and occasionally the intelligent attack selection), verified that all the relevant scan plugins were enabled, and executed the scan on various groups of URLs. The following configuration values were consistently used:

- Scan Options -> Scan Speed -> Thorough
- Scan Options -> Scan Accuracy -> Minimize FP
- *Use Intelligent Attack Selection
| Detection Accuracy | Chart |
|---|---|
| 50.0% Detection Rate | (chart image not included) |
Initialized WIVET's session, limited the spider threads to 1 single thread, used Firefox to populate Burp with the index URL, defined Fiddler as an upstream proxy and defined a valid session identifier using the filter feature in Fiddler, and finally, I edited menu.php in WIVET and excluded the logout URL (100.php).

I crawled the WIVET root URL twice before checking the result, and verified the results by running the whole process twice; the results were identical.