Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Empty attack type #276

Open
leoalb opened this issue Sep 26, 2018 · 5 comments
Open

Empty attack type #276

leoalb opened this issue Sep 26, 2018 · 5 comments

Comments

@leoalb
Copy link

leoalb commented Sep 26, 2018

When I intend to recreate a xss attack, tanner.log recognize and tag the attack correctly but tanner api returns "attack_types": [].

@afeena
Copy link
Collaborator

afeena commented Sep 28, 2018

Hi @leoalb
Tanner api doesn't update real-time. Session is analyzed after expiration, that is why probably you didn't see it in the api. Can you check please if you still have this problem?

@leoalb
Copy link
Author

leoalb commented Sep 28, 2018

Hello @afeena . Yes, the problem persist, but I think it's only when the attack type is xss, because when the type is cmd_exec the attack_type is ok. could it be possible?.

the log:
2018-09-28 17:30:20 INFO:tanner.server:handle_event: TANNER response {'version': '0.6.0', 'response': {'message': {'detection': {'name': 'xss', 'order': 3, 'payload': {'value': '<script>alert("ok")</script>', 'page': '/index.html'}, 'type': 2, 'version': '0.6.0'}, 'sess_uuid': '5decfcd4-42f5-4b2b-91eb-9f27b4bde082'}}}

json: "...attack_types": []. And the attack_type field on the web for that sess_uuid is empty of course.

Thanks.

@Parth1811
Copy link
Contributor

Parth1811 commented Mar 20, 2020

How can we replicate this, I'm unable to confirm this behavior

@ba1ajinaidu
Copy link

Is this issue still valid? It works fine for me

@melqtx
Copy link

melqtx commented Oct 11, 2024

knock knock

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants