Class: API_Fuzzer::RedirectCheck

Inherits:
Object
  • Object
Defined in:
lib/API_Fuzzer/redirect_check.rb

Constant Summary collapse

REDIRECT_URL =
'http://127.0.0.1:3000/ping'
ALLOWED_METHODS =
[:get, :post]

Class Method Summary collapse

Class Method Details

.fuzz_each_parameter(parameter) ⇒ Object



# File 'lib/API_Fuzzer/redirect_check.rb', line 76

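# Sends one request per entry in ALLOWED_METHODS with +parameter+ replaced by
# REDIRECT_URL, and records a MEDIUM finding whenever the payload URL shows up
# in the response's redirect target.
#
# Reads @url, @params, @cookies and @headers; appends to @vulnerabilities.
# Request errors are printed and the remaining methods are still tried.
#
# @param parameter [Object] key of the @params entry to overwrite with the payload
# @return [Array<Symbol>] ALLOWED_METHODS (the value of the +each+ call)
def fuzz_each_parameter(parameter)
  # Work on a shallow copy. Assigning into @params itself leaked the payload
  # into every later request (so a finding could be attributed to the wrong
  # parameter) and modified the hash the caller handed to the scan.
  params = @params.dup
  params[parameter] = REDIRECT_URL

  ALLOWED_METHODS.each do |method|
    begin
      response = API_Fuzzer::Request.send_api_request(
        url: @url,
        method: method,
        cookies: @cookies,
        params: params,
        headers: @headers
      )

      # The key-casing rules of the header container are not visible from
      # here, so both spellings used in this file are tried.
      location = response.headers['LOCATION'] || response.headers['Location']

      # Literal substring comparison: interpolating the URL into a regex let
      # its '.' characters match any character. A substring hit still only
      # means "possible": the payload may merely be echoed inside another
      # URL's query string, so findings need manual confirmation.
      next unless location.to_s.include?(REDIRECT_URL)

      # @url, not url: no local or method named url exists in this method, so
      # the original raised NameError exactly when a redirect was detected and
      # the finding was lost in the rescue below.
      @vulnerabilities << API_Fuzzer::Vulnerability.new(
        description: "Possible Open Redirect vulnerability in #{method} #{@url}",
        parameter: "Parameter: #{parameter}",
        value: "[PAYLOAD] #{params.to_s.gsub(REDIRECT_URL, 'PAYLOAD_URL')}",
        type: 'MEDIUM'
      )
    rescue StandardError => e
      # StandardError only, so Interrupt and SystemExit still stop the run.
      puts e.message
    end
  end
end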

.fuzz_fragment(url) ⇒ Object



# File 'lib/API_Fuzzer/redirect_check.rb', line 53

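# Requests +url+ (which already has REDIRECT_URL substituted in by the caller)
# once per entry in ALLOWED_METHODS and records a MEDIUM finding whenever the
# payload URL shows up in the response's redirect target.
#
# Reads @params, @cookies and @headers; appends to @vulnerabilities.
# Request errors are printed and the remaining methods are still tried.
#
# @param url [String] request URL containing the payload
# @return [Array<Symbol>] ALLOWED_METHODS (the value of the +each+ call)
def fuzz_fragment(url)
  ALLOWED_METHODS.each do |method|
    begin
      response = API_Fuzzer::Request.send_api_request(
        url: url,
        method: method,
        cookies: @cookies,
        params: @params,
        headers: @headers
      )

      # The key-casing rules of the header container are not visible from
      # here, so both spellings used in this file are tried.
      location = response.headers['Location'] || response.headers['LOCATION']

      # Literal substring comparison: interpolating the URL into a regex let
      # its '.' characters match any character. A substring hit still only
      # means "possible": the payload may merely be echoed inside another
      # URL's query string, so findings need manual confirmation.
      next unless location.to_s.include?(REDIRECT_URL)

      @vulnerabilities << API_Fuzzer::Vulnerability.new(
        description: "Possible Open Redirect vulnerability in #{method} #{url}",
        parameter: "URL: #{url}",
        value: "[PAYLOAD] #{url.gsub(REDIRECT_URL, 'PAYLOAD_URL')}",
        type: 'MEDIUM'
      )
    rescue StandardError => e
      # StandardError only, so Interrupt and SystemExit still stop the run.
      puts e.message
    end
  end
end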

.fuzz_payload ⇒ Object



# File 'lib/API_Fuzzer/redirect_check.rb', line 29

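# Finds URL-looking values in @url (path pieces and query-string entries) and
# in @params, and hands each one to the matching fuzz helper with REDIRECT_URL
# substituted for the original value.
#
# Reads @url and @params. Raises whatever URI() raises for an unparsable @url.
#
# @return [Array, nil] nil when @params is empty, otherwise the @params keys
def fuzz_payload
  uri = URI(@url)

  # The commas inside the character class are literal, so path pieces are
  # split on ',' as well as '/', '?' and '&'.
  fragments = uri.path.split(/[\/,?,&]/) - ['']
  fragments.concat(uri.query.split('&')) if uri.query

  fragments.each do |fragment|
    # `(.*)` replaces the original `(.?*)`, a nested quantifier that Ruby
    # only accepts with a warning. MatchData is used instead of `$2`.
    pair = fragment.match(/\A(\w+)=(.*)\z/)
    if pair && valid_url?(pair[2])
      # NOTE(review): gsub swaps every occurrence of the value in @url, not
      # only the one in this key=value pair.
      fuzz_fragment(@url.gsub(pair[2], REDIRECT_URL).chomp)
    elsif valid_url?(fragment)
      fuzz_fragment(@url.gsub(fragment, REDIRECT_URL))
    end
  end
  # NOTE(review): values are tested as they appear in @url; a percent-encoded
  # URL value presumably will not pass valid_url? — confirm whether decoding
  # is wanted here.
  return if @params.empty?

  @params.keys.each do |parameter|
    fuzz_each_parameter(parameter) if valid_url?(@params[parameter])
  end
end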

.scan(options = {}) ⇒ Object



# File 'lib/API_Fuzzer/redirect_check.rb', line 11

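# Entry point of the check: stores the request description from +options+,
# runs fuzz_payload and returns what was collected.
#
# @param options [Hash] :url plus optional :params, :cookies, :json and
#   :headers (each optional key falls back to an empty hash, or false for :json)
# @return [Array] findings de-duplicated by description; when a StandardError
#   is raised, the findings gathered so far plus one API_Fuzzer::Error entry
def scan(options = {})
  # Reset first, so the rescue below always has an array to append to and
  # never reports into the result list of an earlier scan.
  @vulnerabilities = []

  @url = options[:url]
  @params = options[:params] || {}
  @cookies = options[:cookies] || {}
  @json = options[:json] || false
  @headers = options[:headers] || {}

  fuzz_payload
  # NOTE(review): the key is the description only, and the descriptions built
  # in this file carry just the method and URL, so findings for different
  # parameters of one endpoint collapse into a single entry.
  @vulnerabilities.uniq(&:description)
rescue StandardError => e
  # StandardError rather than Exception: Interrupt, SystemExit and
  # NoMemoryError should end the run, not be turned into a report entry.
  @vulnerabilities << API_Fuzzer::Error.new(
    description: e.message,
    status: 'ERROR',
    value: e.backtrace
  )
end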

.valid_url?(url) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/API_Fuzzer/redirect_check.rb', line 101

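# Tells whether +url+ is a String in which URI.regexp finds a match.
#
# The pattern is not anchored, so a string that merely contains a URI-shaped
# substring also counts.
#
# @param url [Object] candidate value (path piece, query value or parameter value)
# @return [Boolean] true or false; the original returned a match offset or nil
def valid_url?(url)
  # Non-String values (nil, numbers from a params hash) are simply "not a
  # URL". Calling =~ on them raises NoMethodError on current Rubies, which
  # aborted the whole scan through the caller's rescue.
  url.is_a?(String) && url.match?(URI.regexp)
end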