Ecole d'ingénieur et centre de recherche en Sciences du numérique

Google dorks: analysis, creation, and new defenses

Toffalini, Flavio; Abba, Maurizio; Carra, Damiano; Balzarotti, Davide

DIMVA 2016, 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 7-8, 2016, San Sebastian, Spain / Also published in LNCS, Vol 9721/2016

With the advent of Web 2.0, many users started to maintain personal web pages to show information about themselves, their businesses, or to run simple e-commerce applications. This transition has been facilitated by a large number of frameworks and applications that can be easily installed and customized. Unfortunately, attackers have taken advantage of the widespread use of these technologies - for example by crafting special search engines queries to fingerprint an application framework and automatically locate possible targets. This approach, usually called Google Dorking, is at the core of many automated exploitation bots. In this paper we tackle this problem in three steps. We first perform a large-scale study of existing dorks, to understand their typology and the information attackers use to identify their target applications. We then propose a defense technique to render URL-based dorks ineffective. Finally we study the effectiveness of building dorks by using only combinations of generic words, and we propose a simple but effective way to protect web applications against this type of fingerprinting. 

Document Doi Bibtex

Titre:Google dorks: analysis, creation, and new defenses
Type:Conférence
Langue:English
Ville:San Sebastian
Pays:ESPAGNE
Date:
Département:Sécurité numérique
Eurecom ref:4892
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in DIMVA 2016, 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 7-8, 2016, San Sebastian, Spain / Also published in LNCS, Vol 9721/2016 and is available at : http://dx.doi.org.10.1007/978-3-319-40667-1_13
Bibtex: @inproceedings{EURECOM+4892, doi = {http://dx.doi.org.10.1007/978-3-319-40667-1_13}, year = {2016}, title = {{G}oogle dorks: analysis, creation, and new defenses}, author = {{T}offalini, {F}lavio and {A}bba, {M}aurizio and {C}arra, {D}amiano and {B}alzarotti, {D}avide}, booktitle = {{DIMVA} 2016, 13th {C}onference on {D}etection of {I}ntrusions and {M}alware \& {V}ulnerability {A}ssessment, {J}uly 7-8, 2016, {S}an {S}ebastian, {S}pain / {A}lso published in {LNCS}, {V}ol 9721/2016 }, address = {{S}an {S}ebastian, {ESPAGNE}}, month = {07}, url = {http://www.eurecom.fr/publication/4892} }
Voir aussi: