Version 1.3.0 - Improved Cache Deception, Kali Linux & more

Kali Linux

WCVS was finally added to Kali Linux' repository. Here are the install instructions.

Web Cache Deception Improvements

WCVS' web cache deception detections were improved by multiple new techniques. Further WCVS will also check for web cache deception if no cache indicator was spotted beforehand.

New Flag: -skiptimebased/--stime

This new flag will tell WCVS to not use measure time as a last resort to guess if a response was cached or not. The time measurements may indicate a cache even if there is none, eventually leading to unnecessary tests being performed.

Miscellaneous

All dependencies were updated.

Full Changelog: 1.2.1...1.3.0

Version 1.2.1 - IgnoreStatus flag

New Feature

The --ignorestatus / -is flag was added. It can be used to prevent false positives if, for example, a WAF is changing the status code to 429 Too Many Requests.

Usage: ./wcvs -is 418,429 -u https://example.com

Changelog

• added ignorestatus flag 54fb082 3c64fa0 08dbe83 161ed80
• updated deps 57e96de

Version 1.2.0 - Web Cache Deception Detection

Web Cache Deception

The WCVS now detects Web Cache Deception. It uses various techniques for this purpose:

• Path Parameter
• Path Traversal
• Appended Newline, Null Byte, Semicolon, Pound, Question Mark or Ampersand

In summary, WCVS's procedure is as follows:
If the cache returns a HIT, it is tested for web cache poisoning. If the cache always returns a MISS, it is tested for web cache deception.

Changelog

• Added Web Cache Deception Detection d773d4b 8a52b8b accdb13
• Added support for more common cache headers (from GoogleCloud, RackCache, Akamai & more) c6789a6
• Added Web Cache Deception & Bachelor's Thesis to the Readme 3c237c0 127125e

Version 1.1.2

• upgraded go from 1.16 to 1.21 962d3f0
• added ascii logo 765f18a
• improved curl command 7563a6e
• fixed typos 0dae597 2200155
• replaced depricated functions 189759e

Version 1.1.1

Changelog

Curl Command (new)

If a web cache poisoning was identified, the poisoning request is converted to a curl command and printed. Additionally, it is added to the report. Thus it's way easier than before to replicate/verify the web cache poisoning vulnerability 9d09f90 6e019f2

Bugfixes

Fixed a sneaky bug that prevented wcvs to identify cache headers cae91f2

Miscellaneous

• added custom cache header example to README a739a69
• upgraded Go dependencies 167741c
• replaced deprecated methods d0e9598 710101b

Version 1.1.0

Changelog

Output

• reworked the output to be more well-arranged and easier to read cd60764 6113208 7f57adf 0d50479 34b2111 31229c1 a8a5d83 249edbb
  bb1bf74

Bugfixes

• fixed runtime error (Thanks to @mo-xiaoxi for creating the issue!) 528397d

Improvements

• improved setting and validating the default status code and removed the "setStatusCode" flag a190547 6f0890a 190c5f0 ed34eb3

Miscellaneous

• upgraded Go libraries bb6814f

Version 1.0.1

Changelog

Readme: install methods

• fixed install option 2 - fetch repository using go (Thanks to @hahwul) 218f0af
• added install option 3 - docker (Thanks to @hahwul) 218f0af 9fd92dc 5f5d58b

web cache poisoning techniques

• improved HTTP Method Override DOS technique: added more HTTP request methods f4ca674
• added new DOS variant: X-Forward-Scheme c7b3b7c
• added new DOS variant: Set User-Agent to a probable blacklisted security scanner f17e0f5
• added new DOS variant: DOS via illegal header name (currently disabled, because of limitations of the go net/http module) 79ea4c5 b15374e

bug fixes

• fixed rate limiting bug rate Wait: rate: Wait(n=1) exceeds limiter's burst 0 ddfe105
• added missing string 9856114

minor improvements

• converting OnlyTest and SkipTest Value to lowercase cc1c14f
• improved header/parameter wordlist and other file read error messages 7d3f09d
• added check if proxy cert could be added 150090c
• typo fix d1dfcca

miscellaneous

• added bash script to generate binaries and sha256 sums 9ada6c8
• changed go module from /v2 to / afedc51
• upgraded golang.org/x/net from v0.0.0-20211020060615-d418f374d309 to v0.0.0-20220107192237-5cfca573fb4d afedc51
• upgraded golang.org/x/time from v0.0.0-20210723032227-1f47c861a9ac to v0.0.0-20211116232009-f0f3c7e86c11 afedc51

Version 1.0.0

Changelog

5a58c72 f3e5baf Improved false positives countermeasures
d872a5f Added new flag to configure the time difference between cache hits and misses
951acdc Updated go dependencies
99e5c5d Fixed a deadlock bug. Fixed a JSON report bug

Version 0.4.39

Darwin-Amd64-wcvs-0_4_39.zip

b12ad4501dacfb5ed3d9cad9388e147ac73f953dc09f0d1cd0a916854ff96277 (SHA-256)
https://www.virustotal.com/gui/file/b12ad4501dacfb5ed3d9cad9388e147ac73f953dc09f0d1cd0a916854ff96277

Linux-Amd64-wcvs-0_4_39.zip

0b28e8520fa1cc3388d7a113f298960231d45eb3e4bcf89e196f6c8e6fb9afd2 (SHA-256)
https://www.virustotal.com/gui/file/0b28e8520fa1cc3388d7a113f298960231d45eb3e4bcf89e196f6c8e6fb9afd2

Windows-Amd64-wcvs-0_4_39.zip

edd44be2ede175c4db1bb5ed9f40e441b863934d9fddb742302829b372d10790 (SHA-256)
https://www.virustotal.com/gui/file/edd44be2ede175c4db1bb5ed9f40e441b863934d9fddb742302829b372d10790

Version 0.4.36

Linux-Amd64-wcvs-0_4_36.zip

a22baba1855d2c112f4b0d8b37b055520da3d18bcd2fcdea5738b5976ebb9679 (SHA-256)
https://www.virustotal.com/gui/file/a22baba1855d2c112f4b0d8b37b055520da3d18bcd2fcdea5738b5976ebb9679/detection

Windows-Amd64-wcvs-0_4_36.zip

5a5f2ec9696fb433b834f44d435d4906adcf6c750697fcc322751047b4d7acab (SHA-256)
https://www.virustotal.com/gui/file/5a5f2ec9696fb433b834f44d435d4906adcf6c750697fcc322751047b4d7acab/detection