Web Cache Deception Scanner
This extension tests applications for the Web Cache Deception vulnerability.
It adds a new Active Scanner check. Additionally, a context menu item is available to perform a targeted test.
In February 2017, security researcher Omer Gil unveiled a new attack vector dubbed Web Cache Deception.
The Web Cache Deception attack can have devastating consequences, yet it is very simple to execute:
- The attacker coerces the victim into opening a link on the legitimate application server that contains the payload.
- The attacker then opens the newly cached page on the server using the same link and sees exactly the page the victim saw.
The attack depends on a very specific set of circumstances that together make the application vulnerable:
- The application only reads the first part of the URL to determine which resource to return, e.g. /my_profile can also be accessed as /my_profile_test.
- The application stack caches resources according to their file extension rather than by cache header values, e.g. /my_profile.jpg is cached.
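The two preconditions above, and the fix for each, as an added simulation that is not the extension's own code: a constructed toy application and cache, where the route /my_profile, the user name alice and the static extensions are assumptions.

```python
import posixpath
# Constructed toy model of the two preconditions above; not the extension's code.
PROFILE = "/my_profile"
STATIC_EXT = {".jpg", ".css", ".js"}
PRIVATE = {"Cache-Control": "private, no-store"}

def app_lax(path, user):
    """Precondition 1: only the leading part of the URL selects the resource,
    so /my_profile.jpg and /my_profile_test both return the profile page."""
    if not path.startswith(PROFILE):
        return {"status": 404, "body": "not found", "headers": {}}
    if user is None:
        return {"status": 401, "body": "login required", "headers": PRIVATE}
    return {"status": 200, "body": f"profile of {user}", "headers": PRIVATE}

def app_strict(path, user):
    """Fix for precondition 1: exact route match, everything else is 404."""
    if path != PROFILE:
        return {"status": 404, "body": "not found", "headers": {}}
    return app_lax(path, user)

class ExtensionCache:
    """Precondition 2: stores any 200 whose path ends in a static extension,
    ignoring the Cache-Control header the application sent."""
    def __init__(self, app):
        self.app, self.store = app, {}

    def cacheable(self, path, resp):
        return resp["status"] == 200 and posixpath.splitext(path)[1] in STATIC_EXT

    def get(self, path, user):
        if path not in self.store:
            resp = self.app(path, user)
            if self.cacheable(path, resp):
                self.store[path] = resp
            return resp
        return self.store[path]

class HeaderCache(ExtensionCache):
    """Fix for precondition 2: only store what the origin marked cacheable."""
    def cacheable(self, path, resp):
        cc = resp["headers"].get("Cache-Control", "")
        return resp["status"] == 200 and "no-store" not in cc and "private" not in cc

def leaks_profile(cache, path=PROFILE + ".jpg"):
    """Victim 'alice' loads the crafted URL, then an unauthenticated visitor
    requests the same URL; True when the visitor receives alice's page."""
    cache.get(path, user="alice")
    return cache.get(path, user=None)["body"] == "profile of alice"
```

Only the combination of a lax router and an extension-keyed cache leaks the page; fixing either precondition is enough to stop it.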
Author: Johan Snyman, Trustwave
Last updated: 23 November 2017
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.