New Watcher rule for custom-defined pattern matching

January 21st, 2013 by

The passive Web-application vulnerability scanner Watcher has been updated with a new check that allows you to define a custom pattern in the form of a regular expression. Each incoming HTML, JavaScript, or JSON response will be checked for a match.

To see this, download Watcher, go to the Checks tab, and select “Miscellaneous – Check HTTP response body for custom-defined regex patterns.”

[Screenshot: Watcher-Regex]

From here, you can add as many regex patterns as you’d like. Each one will be checked, and if matches are found they will be reported in bulk per response. For example, if you wanted to extract all things that look like email addresses, you could add this rule:

\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b

On the results tab of Watcher, you’ll find your matches:

[Screenshot: Watcher-regex result]

That’s about it, pretty simple, but bear in mind a few warnings:

  1. Watcher will not validate your regex; it’s up to you to make sure it works with C# (.NET) regex syntax!
  2. Bad regex patterns could cause Fiddler to stop functioning, for example if they consume too much CPU or memory.
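The following is an added example, not Watcher's own code. It shows what the email rule above does when applied to a response body, and it adds the two safeguards the warnings call for: the pattern is compiled up front so a .NET syntax error is caught before it reaches the proxy, and a match timeout bounds how much CPU a pathological pattern can burn on a single response. The response body is constructed for the example, and the use of `RegexOptions.IgnoreCase` is this example's choice (the rule as written above only matches upper-case letters without it).

```csharp
// Added example (not Watcher's own code): apply a user-supplied pattern to a
// response body the way a passive check would, with validation and a timeout.
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

class CustomPatternCheck
{
    // Sample response body, constructed for this example.
    const string SampleBody =
        "<html><body>Contact: ops@example.com or security@example.org</body></html>";

    // The email pattern from the post. Without IgnoreCase, [A-Z] only matches
    // upper-case letters, so the option is set below to match typical addresses.
    const string EmailPattern = @"\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b";

    // Compiles the pattern, returning null and a reason if .NET rejects it.
    // Watcher does not perform this step, so do it before adding a rule.
    static Regex TryCompile(string pattern, out string error)
    {
        try
        {
            error = null;
            // A one-second ceiling per match attempt keeps catastrophic
            // backtracking from tying up Fiddler's request pipeline.
            return new Regex(pattern, RegexOptions.IgnoreCase, TimeSpan.FromSeconds(1));
        }
        catch (ArgumentException ex)
        {
            error = ex.Message;
            return null;
        }
    }

    // Collects all distinct matches in one response body, mirroring how the
    // check reports matches in bulk per response.
    static List<string> FindAll(Regex rx, string body)
    {
        var found = new List<string>();
        try
        {
            // Matches() evaluates lazily, so the timeout can surface during
            // enumeration; the try block covers the whole loop.
            foreach (Match m in rx.Matches(body))
                if (!found.Contains(m.Value)) found.Add(m.Value);
        }
        catch (RegexMatchTimeoutException)
        {
            // The pattern is too expensive for this body: report that rather
            // than letting the proxy stall on it.
            found.Add("<match timed out; pattern is too expensive>");
        }
        return found;
    }

    static void Main()
    {
        string error;
        Regex rx = TryCompile(EmailPattern, out error);
        if (rx == null)
        {
            Console.WriteLine("Pattern rejected: " + error);
            return;
        }
        foreach (string hit in FindAll(rx, SampleBody))
            Console.WriteLine(hit);   // ops@example.com, security@example.org

        // An unbalanced parenthesis is the kind of mistake Watcher will not flag:
        if (TryCompile(@"(\d+", out error) == null)
            Console.WriteLine("Bad pattern caught: " + error);
    }
}
```

Pasting a candidate pattern through `TryCompile` first is a cheap way to satisfy warning 1, and the timeout overload of the `Regex` constructor is the standard .NET mitigation for warning 2 when a pattern turns out to backtrack badly on a large response.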

Happy bug hunting!
