From 2f8097e15f67dc835a48e1281714c29d18679331 Mon Sep 17 00:00:00 2001
From: PortSwigger Wiener <136816696+PortSwiggerWiener@users.noreply.github.com>
Date: Mon, 27 Nov 2023 10:40:25 +0000
Subject: [PATCH 1/3] Add Proxy HTTP filter examples.
---
 Proxy/HTTP/FilterOnCookieValue.bambda | 16 +++++++++++++
 ...ONresponsesWithIncorrectContentType.bambda | 17 ++++++++++++++
 Proxy/HTTP/FindRolesWithinJWTClaims.bambda | 23 +++++++++++++++++++
 3 files changed, 56 insertions(+)
 create mode 100644 Proxy/HTTP/FilterOnCookieValue.bambda
 create mode 100644 Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda
 create mode 100644 Proxy/HTTP/FindRolesWithinJWTClaims.bambda
diff --git a/Proxy/HTTP/FilterOnCookieValue.bambda b/Proxy/HTTP/FilterOnCookieValue.bambda
new file mode 100644
index 0000000..f5807ed
--- /dev/null
+++ b/Proxy/HTTP/FilterOnCookieValue.bambda
@@ -0,0 +1,16 @@
+/**
+ * Filters Proxy HTTP history for requests with a specific Cookie value.
+ *
+ * @author LostCoder
+ **/
+
+if (requestResponse.request().hasParameter("foo", HttpParameterType.COOKIE)) {
+ var cookieValue = requestResponse
+ .request()
+ .parameter("foo", HttpParameterType.COOKIE)
+ .value();
+
+ return cookieValue.contains("1337");
+}
+
+return false;
diff --git a/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda b/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda
new file mode 100644
index 0000000..9ca1737
--- /dev/null
+++ b/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda
@@ -0,0 +1,17 @@
+/**
+ * Finds JSON responses with wrong Content-Type
+ *
+ * The content is probably json but the content type is not application/json
+ *
+ * @author albinowax
+ **/
+
+var contentType = requestResponse.response().headerValue("Content-Type");
+
+if (contentType != null && !contentType.contains("application/json")) {
+ String body = requestResponse.response().bodyToString().trim();
+
+ return body.startsWith( "{" ) || body.startsWith( "[" );
+}
+
+return false;
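Review bot: In FilterOnCookieValue.bambda the header comment promises a match on a specific Cookie value, but `cookieValue.contains("1337")` is a substring test, so a cookie such as `foo=213370` is matched as well. If an exact match is intended, use `return cookieValue.equals("1337");`; otherwise reword the comment to say the value only has to contain the string. The literals `"foo"` and `"1337"` are sample values, and the doc comment should say so, for example ` * Replace "foo" and "1337" with the cookie name and value to look for.`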
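Review bot: In FindJSONresponsesWithIncorrectContentType.bambda the test `!contentType.contains("application/json")` is case-sensitive and treats every other JSON media type as wrong, so responses sent as `Application/JSON` or `application/problem+json` are listed as mismatches. Media type names are case-insensitive, so compare on a lower-cased value and accept the `+json` family, for example `if (contentType != null && !contentType.toLowerCase().contains("json")) {`. A JSON-looking body with no Content-Type header at all is skipped by the `contentType != null` test. That case leaves the client to guess the type, so the doc comment should state whether excluding it is intended.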
diff --git a/Proxy/HTTP/FindRolesWithinJWTClaims.bambda b/Proxy/HTTP/FindRolesWithinJWTClaims.bambda
new file mode 100644
index 0000000..49db231
--- /dev/null
+++ b/Proxy/HTTP/FindRolesWithinJWTClaims.bambda
@@ -0,0 +1,23 @@
+/**
+ * Find role within JWT claims
+ *
+ * @author Trikster
+ **/
+
+var body = requestResponse.response().bodyToString().trim();
+
+if (requestResponse.response().hasHeader("authorization")) {
+ var authValue = requestResponse.response().headerValue("authorization");
+
+ if (authValue.startsWith("Bearer ey")) {
+ var tokens = authValue.split("\\.");
+
+ if (tokens.length == 3) {
+ var decodedClaims = utilities().base64Utils().decode(tokens[1], Base64DecodingOptions.URL).toString();
+
+ return decodedClaims.toLowerCase().contains("role");
+ }
+ }
+}
+
+return false;
From bb2a66b9fd165f8945800b1edce263f4851ec450 Mon Sep 17 00:00:00 2001
From: ps-porpoise <152162390+ps-porpoise@users.noreply.github.com>
Date: Mon, 27 Nov 2023 10:48:14 +0000
Subject: [PATCH 2/3] Add response null-check to FindJSONresponsesWithIncorrectContentType.bambda
---
 Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda b/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda
index 9ca1737..dcc1dcc 100644
--- a/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda
+++ b/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda
@@ -6,7 +6,7 @@
 * @author albinowax
 **/

-var contentType = requestResponse.response().headerValue("Content-Type");
+var contentType = requestResponse.hasResponse() ? requestResponse.response().headerValue("Content-Type") : null;

 if (contentType != null && !contentType.contains("application/json")) {
 String body = requestResponse.response().bodyToString().trim();
From 0739fe2c2a536f8a6df3a9831a815ebcbc172afd Mon Sep 17 00:00:00 2001
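Review bot: In the new FindRolesWithinJWTClaims.bambda the token is looked up with `requestResponse.response().hasHeader("authorization")`, but `Authorization: Bearer …` is normally a request header, so as written the filter only matches when a server echoes that header back in its response. Presumably `requestResponse.request()` was intended for both the `hasHeader` and the `headerValue` call. The local `var body = requestResponse.response().bodyToString().trim();` is never read, so it converts every response body to a string for nothing and can be deleted. The doc comment should also say that the match is a case-insensitive substring search for `role` in the decoded claims and that the token's signature is not checked.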
From: ps-porpoise <152162390+ps-porpoise@users.noreply.github.com>
Date: Mon, 27 Nov 2023 10:50:04 +0000
Subject: [PATCH 3/3] Add response null-check to FindRolesWithinJWTClaims.bambda.
---
 Proxy/HTTP/FindRolesWithinJWTClaims.bambda | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/Proxy/HTTP/FindRolesWithinJWTClaims.bambda b/Proxy/HTTP/FindRolesWithinJWTClaims.bambda
index 49db231..4207b2d 100644
--- a/Proxy/HTTP/FindRolesWithinJWTClaims.bambda
+++ b/Proxy/HTTP/FindRolesWithinJWTClaims.bambda
@@ -4,6 +4,11 @@
 * @author Trikster
 **/

+if (!requestResponse.hasResponse())
+{
+ return false;
+}
+
 var body = requestResponse.response().bodyToString().trim();

 if (requestResponse.response().hasHeader("authorization")) {
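Review bot: The new guard puts its opening brace on a line of its own (`if (!requestResponse.hasResponse())` followed by `{`), while the other `if` statements in this file, including the context line that closes this hunk, keep the brace on the same line. For consistency write `if (!requestResponse.hasResponse()) {`. The filter body continues past the end of the hunk.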