How to use MoC crawler
10-16-2011, 06:42 PM
Let's see how to use the MoC Chrome Crawler:

Get the OWASP Mantra MoC - Pre alpha from our download page.

Run MoC and press Extensioner, then Network Utilities, to enable the MoC extension Chrome Crawler.

[Image: MoC.png]

Now open "Chrome Crawler" and right-click to go to Options to change the settings according to your needs.

[Image: MoC-4.png]

Here you can add the file types you are interested in finding, uncheck pause if you work in many tabs and don't want your crawling to be paused meanwhile, and set the crawl depth or the number of simultaneous page requests. Save when done.

[Image: MoC-5.png]

So let's crawl some site.

[Image: MoC-6.png]

Nice, so an admin panel is there at /adminpanel. What next? ;)

[Image: MoC-7.png]

After some SQL injection we landed in the administrative panel, but what else can be done with MoC?

Well, most of the time when you use automated security scanners, they generate a large number of entries in the server logs. But not only that: many times the automated scanner tries every parameter for injection by supplying random data such as email IDs, phone numbers, etc., and it's very hard to remove that data manually afterwards.

[Image: MoC-9.jpg]

Here comes the MoC crawler, which can be used to automatically delete that junk: just check the *delete* parameter, as it was in this case, and press crawl to delete those entries automatically.

Note: sometimes, because of JavaScript at the back-end, this crawling may not work and throws a delete confirmation message. In that case, to stop any pop-up messages, go to wrench menu -> Options -> Under the Hood -> Content Settings -> check "Do not allow any site to run JavaScript" to disable JavaScript.

So we have seen how it worked.

[Image: MoC-8.png]

Do let us know your comments and queries.

Happy hacking :)
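
The crawl-driven deletion described in the post shows up in a web server's access log as a burst of GET requests carrying a delete parameter from one client. The following is an added example, not part of the original post or of MoC, that flags such bursts; the log lines are constructed, and the file name `entries.php`, the parameter name `delete`, the threshold and the time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not taken from the page.
SAMPLE_LOG = """\
198.51.100.7 - - [16/Oct/2011:18:40:01 +0000] "GET /adminpanel/entries.php?delete=101 HTTP/1.1" 200 512
198.51.100.7 - - [16/Oct/2011:18:40:01 +0000] "GET /adminpanel/entries.php?delete=102 HTTP/1.1" 200 512
198.51.100.7 - - [16/Oct/2011:18:40:02 +0000] "GET /adminpanel/entries.php?delete=103 HTTP/1.1" 200 512
198.51.100.7 - - [16/Oct/2011:18:40:02 +0000] "GET /adminpanel/entries.php?delete=104 HTTP/1.1" 200 512
203.0.113.9 - - [16/Oct/2011:18:41:10 +0000] "GET /adminpanel/entries.php?delete=7 HTTP/1.1" 200 512
203.0.113.9 - - [16/Oct/2011:18:55:30 +0000] "GET /adminpanel/entries.php?page=2 HTTP/1.1" 200 2048
203.0.113.9 - - [16/Oct/2011:18:56:00 +0000] "POST /adminpanel/entries.php HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_delete_bursts(log_text, param="delete", threshold=3, window=timedelta(seconds=10)):
    """Return {client_ip: max GET-with-`param` requests seen inside `window`}
    for clients that reach `threshold`. Parameter name and limits are assumptions."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, ts, method, target, _status = m.groups()
        if method != "GET":
            continue  # only state-changing GETs are of interest here
        if param in parse_qs(urlsplit(target).query, keep_blank_values=True):
            hits[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, count in find_delete_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {count} delete-style GET requests within 10s")
```

An application that only accepts deletions over POST with an anti-CSRF token does not produce this pattern, because a link-following crawler never issues the request.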