Cache Deception v1.2

Version 1.2 Changes (Compared to 1.1)

Version 1.2 is built upon version 1.1 with the main focus on improving stability, detection accuracy, and code structure. Key differences:

• Code Modularization: The code has been split from a single file into 11 separate files (e.g., UIComponents.java for UI, PacketProcessor.java for packet processing, and FilterManager.java for filters) to make maintenance and development easier.
• Improved Vulnerability Detection: The getVulnerabilityStatus logic now parses headers more accurately (e.g., Cache-Control directives with key=value, CDN headers like X-Cache and cf-cache-status) and immediately flags any caching indicator (like max-age>0) as "vulnerable packet", without complex thresholds or scoring.
• Enhanced UI: Use of HttpRequestEditor and HttpResponseEditor instead of RawEditor for structured request/response display (with headers and HTTP format). The "Vulnerable" column now shows "vulnerable packet" in green.
• Bug Fixes: Compilation issues (like type mismatch in editors) and Montoya API incompatibilities fixed, with full packet construction for metadata (protocol, host, port) added.

These changes make the project more stable and user-friendly without altering the core functionality. For details, check the source code.

Download

Download the JAR with:

curl -L https://github.com/Nowafen/cache-deception-scanner/releases/download/v1.2/WCDScanner-1.2.jar -o WCDScanner-1.2.jar

Cache Deception v1.1

What's New in v1.1

• Handle multiple targets concurrently
• Updated core logic and synchronized with safe and reliable functions
• Added ~60 new methods for advanced target scanning
• UI improvements and redesign

Cache Deception v1.0

Initial release of Cache Deception Scanner. Download wcd.jar to use in Burp Suite.