Class: API_Fuzzer::RedirectCheck
- Inherits:
-
Object
- Object
- API_Fuzzer::RedirectCheck
- Defined in:
- lib/API_Fuzzer/redirect_check.rb
Constant Summary
- REDIRECT_URL =
'http://127.0.0.1:3000/ping'
- ALLOWED_METHODS =
[:get, :post]
Class Method Summary
- .fuzz_each_parameter(parameter) ⇒ Object
- .fuzz_fragment(url) ⇒ Object
- .fuzz_payload ⇒ Object
- .scan(options = {}) ⇒ Object
- .valid_url?(url) ⇒ Boolean
Class Method Details
.fuzz_each_parameter(parameter) ⇒ Object
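# File 'lib/API_Fuzzer/redirect_check.rb', line 76

# Probes one request parameter for an open redirect.
#
# The parameter's value is replaced with REDIRECT_URL and the request is sent
# once per entry in ALLOWED_METHODS. A finding is appended to @vulnerabilities
# when the response's LOCATION header contains REDIRECT_URL.
#
# @param parameter [Object] key of @params whose value is replaced by the payload
# @return [Array] ALLOWED_METHODS (the receiver of the +each+ call)
def fuzz_each_parameter(parameter)
  # Work on a copy. Assigning into @params itself leaves the payload in place
  # for every later probe, so a redirect can no longer be attributed to the
  # one parameter under test.
  params = @params.dup
  params[parameter] = REDIRECT_URL

  ALLOWED_METHODS.each do |method|
    begin
      response = API_Fuzzer::Request.send_api_request(
        url: @url,
        method: method,
        cookies: @cookies,
        params: params,
        headers: @headers
      )

      # Literal substring test: interpolating REDIRECT_URL into a Regexp lets
      # its dots match any character.
      # NOTE(review): fuzz_fragment reads 'Location' while this method reads
      # 'LOCATION' - confirm the response's header lookup is case-insensitive.
      # NOTE(review): containment also matches a same-origin redirect that
      # merely echoes the payload in its own query string; compare the start
      # of the header value if that produces false positives.
      location = response.headers['LOCATION'].to_s
      next unless location.include?(REDIRECT_URL)

      @vulnerabilities << API_Fuzzer::Vulnerability.new(
        # @url rather than `url`: no local or method named `url` is visible in
        # this listing, so the interpolation raised NameError, the rescue
        # below swallowed it, and the finding was never recorded.
        description: "Possible Open Redirect vulnerability in #{method} #{@url}",
        parameter: "Parameter: #{parameter}",
        value: "[PAYLOAD] #{params.to_s.gsub(REDIRECT_URL, 'PAYLOAD_URL')}",
        type: 'MEDIUM'
      )
    rescue StandardError => e
      # StandardError, not Exception, so interrupts and exits still propagate.
      # The failure is only printed: a probe that could not be sent looks the
      # same as a clean result in the list the scan returns.
      puts e.message
    end
  end
end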
.fuzz_fragment(url) ⇒ Object
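# File 'lib/API_Fuzzer/redirect_check.rb', line 53

# Requests +url+ (which already carries REDIRECT_URL in place of one of its
# fragments) once per entry in ALLOWED_METHODS and appends a finding to
# @vulnerabilities when the response's Location header contains REDIRECT_URL.
#
# @param url [String] the request URL with the payload substituted in
# @return [Array] ALLOWED_METHODS (the receiver of the +each+ call)
def fuzz_fragment(url)
  ALLOWED_METHODS.each do |method|
    begin
      response = API_Fuzzer::Request.send_api_request(
        url: url,
        method: method,
        cookies: @cookies,
        params: @params,
        headers: @headers
      )

      # Literal substring test: interpolating REDIRECT_URL into a Regexp lets
      # its dots match any character, so a different host could be reported
      # as the payload.
      # NOTE(review): containment also matches a same-origin redirect that
      # merely echoes the payload in its own query string.
      location = response.headers['Location'].to_s
      next unless location.include?(REDIRECT_URL)

      @vulnerabilities << API_Fuzzer::Vulnerability.new(
        description: "Possible Open Redirect vulnerability in #{method} #{url}",
        parameter: "URL: #{url}",
        value: "[PAYLOAD] #{url.gsub(REDIRECT_URL, 'PAYLOAD_URL')}",
        type: 'MEDIUM'
      )
    rescue StandardError => e
      # StandardError, not Exception, so interrupts and exits still propagate.
      # The failure is only printed: a probe that could not be sent looks the
      # same as a clean result in the list the scan returns.
      puts e.message
    end
  end
end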
.fuzz_payload ⇒ Object
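# File 'lib/API_Fuzzer/redirect_check.rb', line 29

# Finds the places in the request that hold a URL-looking value and hands each
# one to the probing helpers.
#
# Path segments and query pairs of @url go to fuzz_fragment with the value
# replaced by REDIRECT_URL; entries of @params whose value passes valid_url?
# go to fuzz_each_parameter.
#
# @return [nil, Array] nil when @params is empty, otherwise the key list that
#   was iterated
def fuzz_payload
  uri = URI(@url)
  path = uri.path
  query = uri.query
  # base_uri = query.nil? ? path : [path, query].join("?")

  # The commas inside the character class are literal, so the path is split
  # on "/", ",", "?" and "&".
  fragments = path.split(/[\/,?,&]/) - ['']
  fragments.concat(query.split('&')) if query

  fragments.each do |fragment|
    # The listing showed the value group as `(.?*)`, a nested quantifier;
    # `(.*)` is the well-formed way to capture the rest of the fragment.
    # Using the MatchData also avoids relying on $2 across the valid_url? call.
    pair = fragment.match(/\A(\w+)=(.*)\z/)

    # NOTE(review): values are tested exactly as they appear in @url, so a
    # percent-encoded URL value is presumably not recognised by valid_url? -
    # confirm whether callers pass decoded URLs.
    if pair && valid_url?(pair[2])
      fuzz_fragment(@url.gsub(pair[2], REDIRECT_URL).chomp)
    elsif valid_url?(fragment)
      fuzz_fragment(@url.gsub(fragment, REDIRECT_URL))
    end
  end

  return if @params.empty?

  @params.keys.each do |parameter|
    fuzz_each_parameter(parameter) if valid_url?(@params[parameter])
  end
end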
.scan(options = {}) ⇒ Object
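# File 'lib/API_Fuzzer/redirect_check.rb', line 11

# Entry point: stores the request description from +options+, runs
# fuzz_payload and returns what was found.
#
# NOTE(review): the request state lives in instance variables of the receiver;
# as this is listed as a class method, overlapping scans would presumably
# share it - confirm before calling from several threads.
#
# @param options [Hash] :url, plus optional :params, :cookies, :json, :headers
# @return [Array] findings de-duplicated by description, or, when the scan
#   raised, the findings collected so far followed by one API_Fuzzer::Error
def scan(options = {})
  # Reset the result list before anything can raise, so the rescue below
  # always appends to a fresh array and never to a previous scan's list.
  @vulnerabilities = []

  @url = options[:url]
  @params = options[:params] || {}
  @cookies = options[:cookies] || {}
  @json = options[:json] || false
  @headers = options[:headers] || {}

  fuzz_payload

  # NOTE(review): de-duplication keys on the description alone. Findings from
  # fuzz_each_parameter describe only the method and URL, so two different
  # parameters on the same request would collapse into one entry - verify
  # that this is intended.
  @vulnerabilities.uniq(&:description)
rescue StandardError => e
  # StandardError, not Exception, so interrupts and exits still propagate.
  @vulnerabilities << API_Fuzzer::Error.new(
    description: e.message,
    status: 'ERROR',
    value: e.backtrace
  )
end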
.valid_url?(url) ⇒ Boolean
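# File 'lib/API_Fuzzer/redirect_check.rb', line 101

# Tells whether +url+ contains something that URI.regexp recognises as a URI.
#
# The match is unanchored and not limited to http/https, so this is a loose
# "looks like it holds a URI" filter rather than strict validation.
# URI.regexp is marked obsolete in Ruby's uri library.
#
# @param url [Object] candidate value; non-strings are tested via +to_s+
# @return [Integer, nil] index of the first match (truthy), or nil
def valid_url?(url)
  # to_s keeps nil and non-string parameter values (for example integers)
  # from raising on =~, which would otherwise abort the whole scan.
  url.to_s =~ URI.regexp
end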