Fingerprinting Rails websites in development mode.
Hey, so I think it would be cool to try to fingerprint Rails websites that are in development mode. These have all kinds of problems like showing full errors, not performing caching or eager loading, etc., and are actually really easy to find: a call to GET /rails/info/properties will basically show a phpinfo-style page with a large amount of information disclosure; also, a call to GET /rails/info/routes will give you the routes for the application, both of which I think would be really useful for helping craft attacks vs the application. I would be really keen to help with making this a reality but really have no idea where to start.
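A self-audit version of the check discussed in this thread, written as an added example and not code from the Arachni project: it requests the two /rails/info pages and only reports them when the body carries markers of the real Rails info pages (so a catch-all 200 page does not count). The marker regexes and the sample responses are constructed assumptions, not captured from a real site; `http_fetcher` is an assumed helper for running it against your own deployment.

```ruby
require 'net/http'
require 'uri'

# Constructed sample responses standing in for a live server, so the audit runs
# offline. Keys are request paths, values are [status, body].
SAMPLE_DEV_APP = {
  '/rails/info/properties' => [200, "<table><tr><td>Rails version</td><td>4.2.0</td></tr>" \
                                    "<tr><td>Environment</td><td>development</td></tr></table>"],
  '/rails/info/routes'     => [200, "<table id='route_table'><tr><th>Helper</th>" \
                                    "<th>Controller#Action</th></tr></table>"]
}.freeze
# A production app serves a plain 404 for both paths.
SAMPLE_PROD_APP = {
  '/rails/info/properties' => [404, "<h1>The page you were looking for doesn't exist.</h1>"],
  '/rails/info/routes'     => [404, "<h1>The page you were looking for doesn't exist.</h1>"]
}.freeze

# Body markers (assumed) that tell the real info pages apart from a soft-404
# that answers every path with HTTP 200.
INFO_PAGE_MARKERS = {
  '/rails/info/properties' => /Rails version|Application root|Environment/i,
  '/rails/info/routes'     => /route_table|Controller#Action/i
}.freeze

# fetch is a callable taking a path and returning [status, body]. Returns the
# list of exposed info pages; an empty list means nothing was found.
def audit_rails_info(fetch)
  INFO_PAGE_MARKERS.each_with_object([]) do |(path, marker), exposed|
    status, body = fetch.call(path)
    exposed << path if status == 200 && body.to_s.match?(marker)
  end
end

# Both pages being served is the strongest sign the app runs in development
# mode; the fix is to deploy with RAILS_ENV=production, which does not mount them.
def dev_mode_likely?(fetch)
  audit_rails_info(fetch).size == INFO_PAGE_MARKERS.size
end

# Assumed helper for a live run against a base URL you own, e.g.
# audit_rails_info(http_fetcher('http://localhost:3000/')).
def http_fetcher(base_url)
  lambda do |path|
    res = Net::HTTP.get_response(URI.join(base_url, path))
    [res.code.to_i, res.body]
  end
end
```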
Support Staff 1 Posted by Tasos Laskos on 17 Feb, 2015 10:29 PM
That's a nice idea, I can add some informational passive checks for these.
2 Posted by Jesse Whitham (... on 17 Feb, 2015 10:40 PM
Cool, if you do end up writing some checks, can you link me the commits? Thanks
Support Staff 3 Posted by Tasos Laskos on 17 Feb, 2015 10:54 PM
Or, I could add this to the common_directories check since that's its job anyways.
Support Staff 4 Posted by Tasos Laskos on 17 Feb, 2015 10:57 PM
All done: https://github.com/Arachni/arachni/commit/039a57b251e3b4019590a9b10...
Thanks for the feedback.
Tasos Laskos closed this discussion on 17 Feb, 2015 10:57 PM.