Daniel Neagaru
Daniel is a seasoned pentester with over 5 years of experience in
security, 5 more as a sysadmin, and a passion for building tools that
solve real-world problems. His experience helping developers build
OAuth directly from RFCs highlighted the limitations of existing
tools, motivating him to build a more flexible and customizable
solution. 2 years ago, he started building Raider, and later the same
year it became a part of OWASP, and he's been actively developing and
improving Raider ever since.
Talks
Abstract
Raider is a novel, LISP-based framework for web application security
testing that abstracts the client-server information exchange as a
finite state machine. Each step comprises one request with inputs, one
response with outputs, arbitrary actions to perform on the response, and
conditional links to other stages, creating a graph-like
structure. This architecture works not only for authentication
purposes but can be used for any HTTP process that needs to keep track
of state. In this presentation, we'll cover the motivation behind
Raider, the key concepts of the framework, and demonstrate how it can
automate complex HTTP processes. We'll show how Raider's flexibility
enables easy customization of attacks and how its clear-text
configuration makes reproducing, sharing, and modifying attacks easy.
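To make the finite-state-machine idea in the abstract concrete, here is an added Python sketch of that architecture; it is not Raider's own code (Raider is written in Hy) and the names Flow, run_graph, fake_server and the constructed server responses are assumptions for illustration. Each stage builds a request from shared state, extracts outputs from the response, and picks the next stage conditionally.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Response:
    status: int
    headers: dict
    body: str

# Constructed stand-in for a target server so the example runs offline.
def fake_server(path: str, data: dict) -> Response:
    if path == "/login":
        if data.get("user") == "alice" and data.get("password") == "s3cret":
            return Response(302, {"Set-Cookie": "session=abc123"}, "")
        return Response(401, {}, "bad credentials")
    if path == "/profile":
        if data.get("Cookie") == "session=abc123":
            return Response(200, {}, "csrf=tok42")
        return Response(403, {}, "forbidden")
    return Response(404, {}, "")

@dataclass
class Flow:
    """One stage: a request built from shared state, outputs extracted
    from the response, and a conditional link to the next stage."""
    path: str
    inputs: Callable[[dict], dict]
    outputs: Callable[[Response], dict]
    next_flow: Callable[[Response], Optional[str]]  # None ends the walk

def run_graph(flows: dict, start: str, state: dict, send=fake_server):
    """Walk the graph from `start`, threading each stage's outputs into
    `state`; returns the final state and the (stage, status) trace."""
    trace, current = [], start
    while current is not None:
        flow = flows[current]
        resp = send(flow.path, flow.inputs(state))
        state.update(flow.outputs(resp))
        trace.append((current, resp.status))
        current = flow.next_flow(resp)
    return state, trace

# A two-stage graph: log in, then fetch a CSRF token only if login redirected.
FLOWS = {
    "login": Flow("/login",
                  lambda s: {"user": s["user"], "password": s["password"]},
                  lambda r: {"session": r.headers.get("Set-Cookie", "")},
                  lambda r: "profile" if r.status == 302 else None),
    "profile": Flow("/profile",
                    lambda s: {"Cookie": s["session"]},
                    lambda r: {"csrf": r.body.split("=", 1)[1]} if r.status == 200 else {},
                    lambda r: None),
}
```

Swapping fake_server for a real HTTP client is the only change needed to run the same graph against a live application.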
Outline
- Introduction
  - Present myself
  - Origins of Raider and the problem it was created to solve
  - The gap in current web app security testing tools
  - The challenges of testing authentication processes
  - Limitations of static configuration files like JSON
  - How LISP can be used to solve those limitations
  - Why Hy (hylang) was used
- Methodology
  - Understanding and reverse engineering complex HTTP processes, such as authentication
  - Abstracting the client-server information exchange as a finite state machine
  - Explaining the core concepts in Raider: Flows, FlowGraphs, Requests, Plugins, Operations
- Demo
  - Automating registration and login processes in OWASP Juice Shop
  - Automating SQL injection testing with Raider
  - Chaining together multiple vulnerabilities to exploit a more complex attack
- Conclusions
  - What's next for Raider
  - Raider's limitations
  - Q&A session
Links to the project:
- Website: https://raiderauth.com/
- Source: https://github.com/OWASP/raider
- Documentation: https://docs.raiderauth.com/en/latest/
- Twitter: @raiderauth
- Mastodon: @raiderauth@infosec.exchange