web-analyzer 0.1.11

Enterprise domain security & intelligence platform — WHOIS, DNS, SEO, tech detection, subdomain takeover, API security scanning, and more
Documentation
# Feature Request: Web Cache Deception & Poisoning Scanner

## Overview
As more applications rely on heavy caching layers (Cloudflare, Fastly, Akamai), misconfigurations between the origin server and the cache server lead to severe vulnerabilities:
1. **Web Cache Deception (WCD)**: Tricking the cache into storing authenticated data (like `/profile`) on a static extension (like `/profile/app.js`), allowing attackers to steal session data.
2. **Web Cache Poisoning (WCP)**: Injecting unkeyed HTTP headers (like `X-Forwarded-Host`) that get cached and served to innocent users.

## Implementation Requirements

1. **New Module**: Create `src/cache_security.rs`.
2. **Cache Deception Probing**:
   - Identify an authenticated or sensitive endpoint (e.g., `/api/user`).
   - Append static extensions (e.g., `/api/user/test.css`, `/api/user%3f.jpg`).
   - Analyze the `X-Cache` or `Cf-Cache-Status` headers to see if the response was cached (e.g., `HIT`).
3. **Cache Poisoning Probing**:
   - Send requests with common unkeyed headers (e.g., `X-Forwarded-Host: poison.com`, `X-Original-URL: /poison`).
   - Check if the response reflects `poison.com`.
   - Send the request again without the header and see if the poisoned response is served from the cache.

## Why is this Pro-Level?
Cache vulnerabilities are complex and highly dependent on the target's infrastructure. Automating the discovery of WCD and WCP is a feature usually reserved for enterprise Dynamic Application Security Testing (DAST) tools like Burp Suite Pro.