Create a Custom Attack Module

AppSpider has over fifty in-built attack modules. In some cases, users may want to create a custom attack specific to their environment. Hence, AppSpider provides unique functionality which allows users to create a custom attack module to explore a new attack module based on their application environment.

To create a custom attack module we have create a Library project in Visual Studio Express. It is a freeware tool from Microsoft. It can be downloaded from the following link.: https://www.visualstudio.com/en-us/products/visual-studio-express-vs.aspx

Create the Custom Attack Module

New Library Project

After installation, open VS Express and create a new Class Library project.

Add a reference dll (AttackerCOMLib.dll) from the installation file. Use following steps to add a new reference ddl in the project:

  1. Right click on the project
  2. Navigate to “Add” >> “Reference”
  3. Click on the “Browse” button
  4. Navigate to “AttackerCom.dll” into the AppSpider installation directory and select it.
  5. Click on the “Add” button

Create New Classes

Now, create two new classes ICSModule.cs and ICSModuleFactory.cs. Use following steps to create a new class in VS Express:

  1. Right click on the project
  2. Navigate to “Add” >> “New Item”
  3. Select a C# class item and name it to “ICSModule.cs”
  4. Likewise we can create multiple class files
  1. Add following code for ICSModule.cs:
1
using System;
2
3
namespace CustomModule
4
{
5
public interface ICSModule
6
{
7
void Load(uint moduleRunnerId);
8
9
uint CalculateNumberOfAttacks();
10
bool RunAttack(uint attackIndex);
11
}
12
}
  1. Add following code for CSModuleFactory.cs:
1
using System;
2
3
namespace CustomModule
4
{
5
public interface ICSModuleFactory
6
{
7
bool CreateModule(Guid moduleGuid, out ICSModule module);
8
}
9
}
  1. Add a new class file ModuleFactory.cs. In this class we need to add a unique GUID, which will be used to attach in the Attack module in future.
1
using System;
2
using AttackerCOMLib;
3
using System.Text.RegularExpressions;
4
5
namespace CustomModule
6
{
7
public class CSModuleFactory : ICSModuleFactory
8
{
9
public bool CreateModule(Guid moduleGuid, out ICSModule module)
10
{
11
Guid correctGuid = new Guid("7DEE1967-063D-4BE0-8061-028D3E707FCE");
12
if (correctGuid == moduleGuid)
13
module = new Internal();
14
else
15
module = null;
16
return module != null;
17
}
18
19
}
20
}
  1. Now, add an Internal.cs with following code:
1
using AttackerCOMLib;
2
using System;
3
using System.Text.RegularExpressions;
4
5
namespace CustomModule
6
{
7
/// <summary>
8
/// Internal module name as per location indicated in module.cfg
9
/// </summary>
10
public class Internal : ICSModule
11
{
12
13
IModuleRunner _moduleRunner;
14
15
public bool AttackPointIsRelevant()
16
{
17
throw new NotImplementedException();
18
}
19
20
public uint CalculateNumberOfAttacks()
21
{
22
IAttackPoint attackPoint = _moduleRunner.GetAttackPoint();
23
if (attackPoint.Type == AttackPointType.ATTACKPOINT_PARAMETER)
24
{
25
26
return 1;
27
}
28
else
29
{
30
31
// Other attack points are:
32
// CrawlResult
33
// File
34
// Directory
35
// Host
36
return 0;
37
}
38
}
39
40
41
42
public void Load(uint moduleRunnerId)
43
{
44
_moduleRunner = new ModuleRunner();
45
_moduleRunner.SetModuleInstanceID(moduleRunnerId);
46
}
  1. Place a “attack.cfg” and “module.cfg” by creating a new folder “Internal” at “C:\Program Files (x86)\Rapid 7\AppSpider 6\ScanEngine\Modules”
  1. Compile and run the project and it will generate a “internal.dll” file. Copy and paste to the “C:\Program Files (x86)\Rapid 7\AppSpider 6\ScanEngine\Modules\internal” path.
  2. Edit “ApplicationPolicies.xml” file from “C:\Program Files (x86)\Rapid 7\AppSpider 6\ScanEngine\Config\” path. Add following code into the xml.
1
<AttackModulePolicy>
2
<Enabled>1</Enabled>
3
<ModuleId>7DEE1967063D4BE08061028D3E707FCE</ModuleId>
4
<ModulePriority>Medium</ModulePriority>
5
<Severity>Informational</Severity>
6
<MaxVulnLimit>100</MaxVulnLimit>
7
<MaxVarianceLimit>1</MaxVarianceLimit>
8
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
9
<EnforceEncoding>0</EnforceEncoding>
10
<AttackPoints>Response Analysis</AttackPoints>
11
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Http Header|Cookie|Referer</ParameterLocations>
12
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
13
</AttackModulePolicy>
  1. Create a new scan from AppSpider GUI. Navigate to configuration file in %Documents%/AppSpider/scans/Configname/config.scfg.
  2. Edit the configuration file and add following code.
1
<AttackModulePolicy>
2
<Enabled>1</Enabled>
3
<ModuleId>7DEE1967063D4BE08061028D3E707FCE</ModuleId>
4
<ModulePriority>Medium</ModulePriority>
5
<Severity>Low</Severity>
6
<MaxVulnLimit>100</MaxVulnLimit>
7
<MaxVarianceLimit>1</MaxVarianceLimit>
8
<PassiveAnalysisOnAttacks>0</PassiveAnalysisOnAttacks>
9
<EnforceEncoding>0</EnforceEncoding>
10
<AttackPoints>Parameter</AttackPoints>
11
<ParameterLocations>Directory|File|Path|Query|Fragment|Post|Cookie|Referer|Http Header</ParameterLocations>
12
<RequestOriginations>HTML|Form|AJAX|Flash|Silverlight|WSDL</RequestOriginations>
13
</AttackModulePolicy>

You can see a new attack module in attack policy.

  1. Select the custom attack module and run a scan.