The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Structure of ANY Application presented at Hacktivity 2012

by Shay Chen

Tags: Security

Summary: "Diviner is a new OWASP ZAP (Zed Attack Proxy) open source extension, which uses a new class of attacks, called *divination attacks*, to fingerprint specific server side source code fragments, create a map of the server side memory and inter-page processes, and even locate leads for direct and indirect attack scenarios for various vulnerabilities, all using nothing but blackbox techniques, and without relying on any vulnerabilities. It reuses and interacts with many of ZAP's features, and even includes a built-in attack payload manager to ease the detection & exploitation of vulnerabilities in leads located by the platform."