Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

<< previous next >>

Google Dorks: Analysis, Creation, and New Defenses

Flavio Toffalini

0 vote(s)

Informally, a dork is a particular query string submitted to a search engine, crafted in a way to fingerprint not a particular piece of information (the typical goal of a search engine) but the core structure that a web site inherits from its underlying application framework. In the literature, different types of dorks have been used for different purposes, e.g., to automatically detect mis-configured web sites or to list online shopping sites that are built using a particular CMS. With attackers running autonomous scout and exploitation bots, which scan the web for possible targets to attack with the corresponding exploit, we believe that a first important step towards securing web applications consists of breaking this automation.

In this paper we present a different solution - a form of diversification is applied not to prevent the exploitation phase, but to prevent the attackers from fingerprinting vulnerable applications. While other researchers have looked at the use of dorks in the wild, in this paper we study their characteristics and their effectiveness from the defendant viewpoint.

In this work we bring the following contributions:

- We present the first comprehensive study of the mechanisms used by dorks and we improve the literature classification in order to understand the main issues and develop the best defenses.

- We design and implement a tool to block dorks based on URL information without changing the Web application and without affecting the site ranking in the search engines.

- We study dorks based on combinations of common words, and we implement a tool to automatically create them and evaluate thei effectiveness. Our experiments demonstrate that it is possible to build a dork using non-trivial information left by the Web application framework.

- We propose a simple but effective countermeasure to prevent dorks based on common words, without removing them from the page.

About Flavio Toffalini

I am a Ph.D. student at Singapore University of Technology and Design, at the moment I am working at a Cyber Security project to detect and prevent malicious insiders, the project is set in collaboration with ST Electronics and it is under the supervision of assistant professor Martin Ochoa. I earned my Master Degree at University of Verona with a thesis in Web security which is the result of a visiting at Eurecom under the supervision of assistant professor Davide Balzarotti. Before my actual position in Singapore I was a researcher in static analysis for Android/Java at Julia, an Italian spin-off of University of Verona.