From d505ac42b62b8f9a503f57bdd82beda326202416 Mon Sep 17 00:00:00 2001 From: GangGreenTemperTatum <104169244+GangGreenTemperTatum@users.noreply.github.com> Date: Wed, 17 Jul 2024 16:47:15 -0400 Subject: [PATCH] feat: highlight easy param miner requests
--- .../HTTP/HighlightParamMinerTargets.bambda | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 Filter/Proxy/HTTP/HighlightParamMinerTargets.bambda
diff --git a/Filter/Proxy/HTTP/HighlightParamMinerTargets.bambda b/Filter/Proxy/HTTP/HighlightParamMinerTargets.bambda
new file mode 100644
index 0000000..4903f34
--- /dev/null
+++ b/Filter/Proxy/HTTP/HighlightParamMinerTargets.bambda
@@ -0,0 +1,33 @@
+/**
+ * Filters non-empty 200 response classes
+ *
+ * // Use `cat your-oas-api-spec-doc.json | jq -r '.components.schemas.[].properties? | keys? | .[]' | sort -u > json-wordlist.txt` to create a wordlist prior to attacking endpoints with paramminer
+ *
+ * @author GangGreenTemperTatum (https://github.com/GangGreenTemperTatum)
+ **/
+
+var configNoFilter = false; // if set to false, won't show JS, GIF, JPG, PNG, CSS.
+var configInScopeOnly = true; // if set to true, won't show out-of-scope items
+var request = requestResponse.request(); // create a var for request
+var response = requestResponse.response(); // create a var for response
+
+if (configInScopeOnly && !request.isInScope()) {
+ return false;
+}
+
+if (response == null || !response.isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS)) {
+ return false; // return only status codes of 2xx
+}
+
+// verify that the request is a POST, PUT, or PATCH
+if (!requestResponse.hasResponse() || request.method().equals("POST") || request.method().equals("PATCH") || request.method().equals("PUT")) {
+ // verify that the response is json
+ var contentType = response.headerValue("Content-Type");
+
+ // verify the content-type is json
+ if (contentType != null && contentType.contains("application/json")) {
+ return true;
+ }
+}
+
+return false; // This line ensures the method returns a boolean value
\ No newline at end of file
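Review bot: The `!requestResponse.hasResponse()` disjunct in the method check is dead and misleading: the `response == null` guard above has already returned (assuming `hasResponse()` tracks `response()` being non-null), and if the clause were ever true the `||` would admit the item rather than exclude it, contrary to the `// verify that the request is a POST, PUT, or PATCH` comment; test the method alone, `if (request.method().equals("POST") || request.method().equals("PATCH") || request.method().equals("PUT")) {`. `configNoFilter` is declared with a comment promising to hide JS/GIF/JPG/PNG/CSS but is never read anywhere in the filter, so the knob silently does nothing — either implement the extension check or delete the line so users are not misled. The header comment `Filters non-empty 200 response classes` does not describe the code, which keeps any 2xx response carrying an `application/json` Content-Type on a mutating request; I would rewrite it as `Highlights in-scope POST/PUT/PATCH requests whose 2xx response is application/json, as candidate targets for Param Miner`. The `contains("application/json")` match is case-sensitive while header values are not, so a server sending `Application/JSON` would be dropped; comparing `contentType.toLowerCase(Locale.ROOT)` would be safer if `Locale` is available in the Bambda scope.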