- Scenario 1a: just throwing a lot of requests at Okapi from the public net, on the HTTPS/HTTP ports, which are proxied
- Scenario 1b: throwing a lot of requests at Okapi directly on port 9130
- Scenario 2a: buffer overflow in Okapi with huge header information (proxied)
- Scenario 2b: buffer overflow in Okapi with huge header information (direct connection)
- others to be found
- possible target without an Okapi session: mod-login
- Scenario 1: throwing a lot of requests at the module
- Scenario 2: buffer overflow in the module with huge payloads
- all other modules that need a valid token with the matching permissions
- Scenario 1: throwing a lot of requests at the module
- Scenario 2: buffer overflow in the module with huge payloads
- others to be found
- Make requests as a logged-in user, then resend each request without the token
https://schemathesis.readthedocs.io/en/stable/
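
One way to automate the last check in the list (replay a logged-in user's requests with the token removed and flag anything still accepted), as an added example that is not part of the original page or of FOLIO's code. It assumes Okapi's `X-Okapi-Token` and `X-Okapi-Tenant` headers; the stub server, paths, tenant and token values are constructed so that it runs offline.

```python
import http.server
import threading
import urllib.error
import urllib.request

TOKEN_HEADER = "X-Okapi-Token"  # Okapi's auth header (assumed; not named on the page)
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass env proxies

class StubGateway(http.server.BaseHTTPRequestHandler):  # constructed stand-in for the target
    def do_GET(self):
        authed = self.headers.get(TOKEN_HEADER) == "constructed-token"
        # Deliberate defect for the demo: /open/* skips the token check.
        self.send_response(200 if authed or self.path.startswith("/open/") else 401)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep output quiet
        pass

def status(base, method, path, headers):
    req = urllib.request.Request(base + path, method=method, headers=headers)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def replay_without_token(base, recorded):
    """Return (method, path, status) for requests still accepted once the token is removed."""
    findings = []
    for method, path, headers in recorded:
        if status(base, method, path, headers) >= 400:
            continue  # no valid logged-in baseline, nothing to compare against
        stripped = {k: v for k, v in headers.items() if k.lower() != TOKEN_HEADER.lower()}
        code = status(base, method, path, stripped)
        if code not in (401, 403):
            findings.append((method, path, code))
    return findings

def run_demo():
    with http.server.ThreadingHTTPServer(("127.0.0.1", 0), StubGateway) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}"
        headers = {TOKEN_HEADER: "constructed-token", "X-Okapi-Tenant": "constructed-tenant"}
        try:  # both recorded requests below are constructed samples
            return replay_without_token(base, [("GET", "/users", headers), ("GET", "/open/items", headers)])
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

Against a real test deployment, `recorded` would come from a captured logged-in session, and an empty result means every replayed request was refused with 401 or 403.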