New Twists for HTML Obfuscation in EEscan
Update 8/7/2007 - Please see www.eescan.net for additional details.
I've just finished coding up some new HTML obfuscation modules for eescan. The exploitability tests in eescan will use these obfuscators to probe for
Here are some of the obfuscators that work right now:
- gzip
- deflate
- chunked
- MPack XOR javascript encoder
- MPack cryptor 4-pass javascript encoder
- AJAX
- SSL
- HTTP over port 443
- SSL over port 80
- arbitrary combinations like AJAX->Mpack->gzip->chunked->SSL->port 80
Initial testing of the Ajax modules is yielding great results against network based IDS/IPS, so-so results against proxies and good results against desktop AV/IPS suites.
Labels: eescan

1 Comments:
I was at your talk, and am reviewing the CD now. I was sorry there wasn't a copy of your presentation on teh CD that I could find, and I'm not clear on the status of eescan as far as it being releasable/released/in the wind?
Post a Comment
<< Home