0:08 Hey, this is James Kettle from
0:10 Potswigger and I just wanted to show off
0:12 a cool new feature that I've just added
0:16 to Turbo Intruder. So, in this window
0:18 here, you can see I've run a folder
0:22 brute force attack on portiger.net
0:24 and we've sent a few thousand requests.
0:27 So the challenge now is to find the
0:30 interesting results like what files has
0:31 it found, what folders, what other kind
0:33 of weird behavior and maybe like
0:35 front-end server mappings have we got?
0:37 Maybe there's different backend servers,
0:39 maybe there aren't. Maybe there's some
0:41 interesting cache rules only on certain
0:43 parts. This is all stuff that I'd love
0:46 to find in this table, but doing this
0:49 manually can be quite painful because
0:51 there's a whole lot of responses here.
0:54 There's 3,000, right? And the classic
0:57 approach to doing this is to sort by one
1:00 column like maybe the length and then
1:02 kind of scroll through and then sort by
1:04 a different column and so on. But this
1:07 approach is labor intensive and takes
1:08 ages. So I've just added a super cool
1:11 new feature called anomaly rank. What
1:15 this does is it uses a local AI free
1:20 algorithm to calculate and rank every
1:24 single response for how unique that
1:27 response is, how anomalous it is. So the
1:30 higher the score, the uh the more
1:32 anomalous it is. So if we hit that, we
1:34 can instantly see now we've got all the
1:37 interesting things at the top of our
1:39 table. And the cool thing is this
1:42 algorithm can spot some really subtle
1:45 and interesting things. Uh it is just it
1:47 just has this kind of knack for finding
1:50 valuable stuff such as the fact that we
1:53 can immediately see here if you hit /
1:56 404 uh then you get a 200 status code
1:59 which is quite weird. Uh and once again
2:02 if you hit / error you also get a 200.
2:04 And there's there's a whole bunch of
2:07 really interesting things here. Uh, I'd
2:08 encourage you to give it a go for
2:12 yourself on one of your websites. Uh, it
2:14 can spot things like all the different
2:17 types of 44 pages and it just flags
2:19 them. And basically, when you run an
2:22 attack like this, the rare stuff is the
2:23 interesting stuff. That's the stuff that
2:25 you want to manually look at. And this
2:27 just saves you a bunch of pain in
2:29 finding those things.
2:31 Also, this algorithm happens to be
2:33 really good for AI because if you give
2:37 an AI 2 or 3,000 HP responses, that's
2:39 going to blow up the context window and
2:41 it won't manage to do anything useful
2:43 with that whatsoever. Whereas, with
2:48 this, you just give it the top 20 uh
2:50 results as dictated per the anomaly rank
2:52 and great, now it's got something that
2:54 it can actually cope with and it can
2:57 just focus at looking at the interesting
2:59 stuff. So yeah, I hope you find this
3:02 useful. Turbo Intruder will actually now
3:05 sort by this column by default when the
3:07 attack finishes to reduce the amount of
3:10 interaction you have to to do as you can
3:12 see here. Uh but if you don't like that,
3:14 that's fair enough. I understand that.
3:17 So in the code, you can use table set
3:19 order and then it will automatically
3:22 sort by any column that you'd rather it
3:25 used. Uh hope that's useful. Let me know
