Wednesday 18 October 2017

SELinux: Adding a trusted directory into the httpd policy

By default on CentOS 7 / RHEL the '/var/www' directory is not permitted as part of the httpd policy - so instead we need to use semanage command in order to add this directory:

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/'

and then apply the context changes with:

restorecon -v /var/www/

you will also need to apply the context changes to any files within the directory as well e.g.:

restorecon -v /var/www/index.html

Thursday 5 October 2017

Using Arachni Scanner with cookies / restricted areas

Below is a command line example I like to use with the Arachni Scanner - it allows you to use a session cookie (you can obtain from something like tamperdata) and ensures that specific URL's are not caled - for example logoff - which would (obviously) kill our session:

./arachni --http-cookie-string "cookie123" --scope-exclude-pattern logoff --scope-exclude-pattern login https://yourdomain.com/auth/restrictedarea/