Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: highlight easy param miner requests #76

Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions Filter/Proxy/HTTP/HighlightParamMinerTargets.bambda
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
/**
* Filters non-empty 200 json-based response classes which can be used to find easy routes to attack with the paramminer guess json params and a custom wordlist, ie:
*
// $ cat your-oas-api-spec-doc.json | jq -r '.components.schemas.[].properties? | keys? | .[]' | sort -u > json-wordlist.txt
*
* @author GangGreenTemperTatum (https://github.com/GangGreenTemperTatum)
**/

var configNoFilter = false; // if set to false, won't show JS, GIF, JPG, PNG, CSS.
var configInScopeOnly = true; // if set to true, won't show out-of-scope items

if (!requestResponse.hasResponse() || (configInScopeOnly && !requestResponse.request().isInScope()) || !requestResponse.response().isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS))
{
return false;
}

var request = requestResponse.request();
var response = requestResponse.response();

// Process path and mimeType for filtering
var path = request.pathWithoutQuery().toLowerCase();
var mimeType = requestResponse.mimeType();
var filterDenyList = mimeType != MimeType.CSS
&& mimeType != MimeType.IMAGE_UNKNOWN
&& mimeType != MimeType.IMAGE_JPEG
&& mimeType != MimeType.IMAGE_GIF
&& mimeType != MimeType.IMAGE_PNG
&& mimeType != MimeType.IMAGE_BMP
&& mimeType != MimeType.IMAGE_TIFF
&& mimeType != MimeType.UNRECOGNIZED
&& mimeType != MimeType.SOUND
&& mimeType != MimeType.VIDEO
&& mimeType != MimeType.FONT_WOFF
&& mimeType != MimeType.FONT_WOFF2
&& mimeType != MimeType.APPLICATION_UNKNOWN
&& !path.endsWith(".js")
&& !path.endsWith(".gif")
&& !path.endsWith(".jpg")
&& !path.endsWith(".png")
&& !path.endsWith(".css");

// If filtering is not applied or the deny list conditions are met, proceed to check content type
if (configNoFilter || filterDenyList) {
// verify that the request is a POST, PUT, or PATCH and that the response is json
if (request.method().equals("POST") || request.method().equals("PATCH") || request.method().equals("PUT")) {
var contentType = response.headerValue("Content-Type");
// verify the content-type is json
if (contentType != null && contentType.contains("application/json")) {
return true;
}
}
}

return false; // Ensure method returns a boolean in all cases
Loading