1. Memo header:
From the Help Guide:
- If you select this option, WebInspect includes a "Memo:" header in the HTTP request containing information that can be used by support personnel to diagnose problems. Although the format and content is subject to change without notice, the information may assist advanced users. Two of the more useful constructions are illustrated below.
The data shown in this custom header is mostly for the benefit of the HP ASC developers and Customer Support, as it is in their programming lingo. The standard user will be able to get a rough idea of why this HTTP request was queued up, such as whether it was part of the recorded Login Macro, part of the Crawl, or triggered by one of the Audit Engines.
The Help Guide also provides these samples to help decipher the provided information.
- Attack memo header example
  - Memo: 197:Auditor.SendAsyncronousRequest:Attack(CID:123:AS:2,EID:1354e211-9d7d-4cc1-80e6-4de3fd128002,ST:AuditAttack,AT:PostParamManipulation,APD:username,I:(1,0),R:False,SM:2,SID:FDF074B3AC41D4ABE4114B3C1A114160,PSID:DDAA45FB26C9149DB15AF2D8DDFD5D3A)
- Explanation of memo contents
  - Requestor thread id handling request: 197
  - Originating function in scanner: SendAsyncronousRequest
  - CheckID: 123
  - Attack Sequence: 2
  - Originating engine: 1354e211-9d7d-4cc1-80e6-4de3fd128002
  - Session Type: AuditAttack
  - Attack Type: PostParamManipulation
  - Attack descriptor (what was attacked): username ‘param’ was attacked, it is parameter (1,0) in collection
  - Smart Mode: 2
  - Attack Session ID: FDF074B3AC41D4ABE4114B3C1A114160
  - Parent Session ID: DDAA45FB26C9149DB15AF2D8DDFD5D3A
- Crawl memo header example
  - Memo: 180:ProcessSession:Crawler.CreateStateRequest:SID:2BC3FC705779A6F201810A1E64F7CF83,PSID:A77674B6A5BF9B3B3CEDAEF583C08262,ST:Crawl,CLT:HTML
- Explanation of memo contents
  - Requestor thread id handling request: 180
  - Originating function in scanner: ProcessSession:Crawler.CreateStateRequest
  - Session Type: Crawl
  - Crawl Link Type: HTML
  - Session ID: 2BC3FC705779A6F201810A1E64F7CF83
  - Parent Session ID: A77674B6A5BF9B3B3CEDAEF583C08262
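A tolerant parser for the two Memo layouts quoted above, handy for tying a captured request back to its check ID, attack type and parent session during scan review or log triage. This is an added example, not WebInspect or Help Guide code; the function names and output key names are assumptions, and because the format can change without notice, unrecognised keys (such as `R`) are kept under their raw name.

```python
import re

# Short keys -> names taken from the Help Guide explanations quoted above.
LABELS = {
    "CID": "check_id", "AS": "attack_sequence", "EID": "engine_id",
    "ST": "session_type", "AT": "attack_type", "APD": "attack_descriptor",
    "I": "param_index", "SM": "smart_mode", "SID": "session_id",
    "PSID": "parent_session_id", "CLT": "crawl_link_type",
}

def split_top_level(text):
    """Split on commas that are not inside parentheses, e.g. I:(1,0)."""
    parts, depth, cur = [], 0, ""
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur] if cur else parts

def parse_memo(header):
    """Parse a Memo header into a dict; return None if the layout is unknown."""
    # Drop the header name and any whitespace introduced by line wrapping.
    value = re.sub(r"^\s*Memo:|\s+", "", header, flags=re.I)
    m = re.match(r"(\d+):(.+)$", value)
    if not m:
        return None
    out, rest = {"thread_id": int(m.group(1))}, m.group(2)
    attack = re.match(r"^(.*?):Attack\((.*)\)$", rest)
    if attack:
        out["origin"], body = attack.group(1), attack.group(2)
    else:
        # Crawl layout: the origin runs up to the first short upper-case key.
        cut = re.search(r":(?=[A-Z]{1,4}:)", rest)
        if not cut:
            return None
        out["origin"], body = rest[:cut.start()], rest[cut.end():]
    for field in split_top_level(body):
        tokens = field.split(":")
        # One comma-separated field may carry two pairs (CID:123:AS:2).
        for key, val in zip(tokens[0::2], tokens[1::2]):
            out[LABELS.get(key, key)] = val
    return out

if __name__ == "__main__":  # crawl sample from the page
    print(parse_memo("Memo: 180:ProcessSession:Crawler.CreateStateRequest:SID:2BC3FC705779A6F201810A1E64F7CF83,PSID:A77674B6A5BF9B3B3CEDAEF583C08262,ST:Crawl,CLT:HTML"))
```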
2. Details Expanded
This is my favorite secret, as it is always available with no need to enable it prior to any assessment. Unfortunately, it is disabled by default and can only be toggled in WebInspect via a modified user.config file. The good news is that this change enables the feature for all scans being reviewed within the UI, not just the selected scan. This feature is also known as the "EnableSupportUI" feature, since it primarily aids the Support team when reviewing customer scans for issues.
Enabling:
1. Close WebInspect.
2. Make a back-up copy of the user.config file located at:
* Win7: C:\Users\%CURRENTUSER%\Local Settings\Application Data\SPI Dynamics\WebInspect\7.0\
3. Modify the user.config so that the appropriate setting tag entry has its Value set to "true" rather than "false".
4. Save and exit user.config.
5. Launch WebInspect, open any scan (new or old), select a session, click on the Details session link, and see all the gory details.
So you can see what this feature offers, I have attached before and after screen shots for the same session.
~~ Habeas Data