Re: [WEB SECURITY] SNS08-01 Whitepaper - SE Automated Scanning Anomaly - Google Dork Failure

["AKS aka (0kn0ck)" <0kn0ck@xxxxxxxxxxxx>]

Hi Michael

Thanks a lot. With the advent of new techniques in search engine 
automation this issue is creating
lot of stringencies. while performing pen testing there is small time 
window and time constraint.

The point you have given is highly appreciated. We are looking for more 
specific solutions
to it.

Regards
0kn0ck



Michael S. Menefee wrote:
> 0kn0ck,
>
> Thanks for the informative article. We have been trying to tackle this
> *flaw*/feature of google searching for some time, and have implemented
> in the majority of our scripts the use of random proxies, random
> wait(sleep) functions and switching up the UA to effectively mitigate
> this particular CAPTCHA system from Google, as manual intervention (such
> as the mechanism found in Goolag) is time-consuming and often defeats
> the purpose of automation.
>
> There was once a time when I thought that a paid-for system from Google
> could be utilized to allow legitimate firms to utilize the Google cache
> without limitation, but the management of such a system seems
> inplausable (much like the original Google API system). 
>
> We have had really good success with randomizing various aspects of the
> request (as seen by Google) without that much of a time-trade off. 
>
> I'd be interested in what others are doing to thwart the same
> restrictions
>
> --
> Michael S. Menefee, CISSP (#43728)
> Principal Consultant
> Secure Solve, Inc.
> Phone: (919) 439-3598
> Fax: (919) 287-2570
> mmenefee@xxxxxxxxxxxxxxx
> www.securesolve.com
>
> -----Original Message-----
> From: AKS aka (0kn0ck) [mailto:0kn0ck@xxxxxxxxxxxx] 
> Sent: Sunday, July 06, 2008 10:31 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx; websecurity@xxxxxxxxxxxxx
> Subject: [WEB SECURITY] SNS08-01 Whitepaper - SE Automated Scanning
> Anomaly - Google Dork Failure
>
> Hi
>
> This paper will discuss the anomaly behavior of Google search engine
> that affects the working of automated scanning tools. This anomaly can
> be considered as a security mechanism implemented by Google to prevent
> number of search queries to be executed by a single host within a
> specific time limit.
> Due to this factor the scanning functionality of number of tools is
> disrupted.
>
> http://www.secniche.org/papers/SNS_08_01_SE_Auto_Scan.pdf
>
>
> Regards
> 0kn0ck
> http://www.secniche.org
>
>
> ------------------------------------------------------------------------
> ----
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS: 
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>
>
>   


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA