whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[Add] is authZ|implict grant type

Browse source
This commit is contained in:
tv0924@icloud.com 2025-05-19 11:08:20 +09:00
commit 889d7cfbf2
12 changed files with 2437 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

218
.gitignore vendored Normal file
View file

@ -0,0 +1,218 @@
# Created by https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux
# Edit at https://www.toptal.com/developers/gitignore?templates=node,macos,windows,linux
### Linux ###
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
### macOS ###
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
### macOS Patch ###
# iCloud generated files
*.icloud
### Node ###
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# Snowpack dependency directory (https://snowpack.dev/)
web_modules/
# TypeScript cache
*.tsbuildinfo
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Optional stylelint cache
.stylelintcache
# Microbundle cache
.rpt2_cache/
.rts2_cache_cjs/
.rts2_cache_es/
.rts2_cache_umd/
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variable files
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
# parcel-bundler cache (https://parceljs.org/)
.cache
.parcel-cache
# Next.js build output
.next
out
# Nuxt.js build / generate output
.nuxt
dist
# Gatsby files
.cache/
# Comment in the public line in if your project uses Gatsby and not Next.js
# https://nextjs.org/blog/next-9-1#public-directory-support
# public
# vuepress build output
.vuepress/dist
# vuepress v2.x temp and cache directory
.temp
# Docusaurus cache and generated files
.docusaurus
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/
# TernJS port file
.tern-port
# Stores VSCode versions used for testing VSCode extensions
.vscode-test
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
### Node Patch ###
# Serverless Webpack directories
.webpack/
# Optional stylelint cache
# SvelteKit build / generate output
.svelte-kit
### Windows ###
# Windows thumbnail cache files
Thumbs.db
Thumbs.db:encryptable
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# End of https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux

9
LICENSE Normal file
View file

@ -0,0 +1,9 @@
MIT License
Copyright (c) 2024 [Author]
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

18
caido.config.ts Normal file
View file

@ -0,0 +1,18 @@
import { defineConfig } from "@caido-community/dev";
export default defineConfig({
id: "caido-oauth",
name: "Caido OAuth",
description: "Plugin for OAuth",
version: "0.0.0",
author: {
name: "WHS Safe Us Team",
},
plugins: [
{
kind: "backend",
id: "backend",
root: "packages/backend",
},
],
});

14
package.json Normal file
View file

@ -0,0 +1,14 @@
{
"name": "caido-oauth",
"version": "0.0.0",
"private": true,
"scripts": {
"typecheck": "pnpm -r typecheck",
"build": "caido-dev build",
"watch": "caido-dev watch"
},
"devDependencies": {
"@caido-community/dev": "^0.1.3",
"typescript": "5.5.4"
}
}

13
packages/backend/package.json Normal file
View file

@ -0,0 +1,13 @@
{
"name": "backend",
"version": "0.0.0",
"type": "module",
"types": "src/index.ts",
"scripts": {
"typecheck": "tsc --noEmit",
"build": "vite build"
},
"devDependencies": {
"@caido/sdk-backend": "^0.46.0"
}
}

48
packages/backend/src/controller/authZCodeGrant.ts Normal file
View file

@ -0,0 +1,48 @@
import type { Request } from "caido:utils";
export class AuthZCodeGrantController {
constructor() {}
isAuthZReq(req: Request) {
// const path = req.getPath();
const query = req.getQuery();
// const raw = req.getRaw().toString();
// 쿼리에 client_id and response_type=code 포함 확인
if (query.includes("client_id=") && query.includes("response_type=code")) {
return true;
}
return false;
}
isSendCodeToClient(req: Request) {
const path = req.getPath();
const query = req.getQuery();
// code & state 쌍 또는 path에 &code= 또는 쿼리로 code= 유사 일치 확인
if (
(query.includes("code=") && query.includes("state=")) ||
path.includes("&code=") ||
/code=%/i.test(query)
) {
return true;
}
return false;
}
testReq(req: Request) {
if (this.isAuthZReq(req)) {
return "isAuthZReq";
}
if (this.isSendCodeToClient(req)) {
return "isSendCodeToClient";
}
return false;
}
// isAccessTokenReq(req: Response) {
// }
}

40
packages/backend/src/controller/implictGrant.ts Normal file
View file

@ -0,0 +1,40 @@
import type { Request } from "caido:utils";
export class ImplicitGrantController {
isImplicitGrantReq(req: Request) {
const query = req.getQuery();
// const raw = req.getRaw().toString();
// 쿼리에 client_id and response_type=token 포함 확인
if (query.includes("client_id=") && query.includes("response_type=token")) {
return true;
}
return false;
}
isSendTokenToClient(req: Request) {
const path = req.getPath();
const query = req.getQuery();
if (
(query.includes("access_token=") && query.includes("state=")) ||
path.includes("&access_token=") ||
/access_token=%/i.test(query)
) {
return true;
}
return false;
}
testReq(req: Request) {
if (this.isImplicitGrantReq(req)) {
return "isImplicitGrantReq";
}
if (this.isSendTokenToClient(req)) {
return "isSendTokenToClient";
}
return false;
}
}

44
packages/backend/src/index.ts Normal file
View file

@ -0,0 +1,44 @@
import type { SDK, DefineAPI } from "caido:plugin";
import type { Request } from "caido:utils";
import { ImplicitGrantController } from "./controller/implictGrant";
import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
export type API = DefineAPI<{}>;
const implicitGrantController = new ImplicitGrantController();
const authZCodeGrantController = new AuthZCodeGrantController();
// function matchSSORequest(req: Request): boolean {
// const raw = req.getRaw().toString();
// // 조건 3: Raw request에 SAMLRequest 또는 SAMLResponse 포함
// if (raw.includes("SAMLRequest=") || raw.includes("SAMLResponse=")) {
// return true;
// }
// return false;
// }
// function matchAccessTokenResponse(resp: Response): boolean {
// const raw = resp.getRaw().toString();
// const match = /"access_token"\s*:\s*"([^"]+)"/.exec(raw);
// return !!match;
// }
export function init(sdk: SDK<API>) {
sdk.events.onInterceptRequest(async (sdk, req: Request) => {
const result =
authZCodeGrantController.testReq(req) ||
implicitGrantController.testReq(req);
if (result) {
await sdk.findings.create({
title: "Possible SSO Request Detected",
description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
request: req,
reporter: "",
});
}
});
}

7
packages/backend/tsconfig.json Normal file
View file

@ -0,0 +1,7 @@
{
"extends": "../../tsconfig.json",
"compilerOptions": {
"types": ["@caido/sdk-backend"]
},
"include": ["./src/**/*.ts"]
}

2000
pnpm-lock.yaml generated Normal file
View file

File diff suppressed because it is too large Load diff

2
pnpm-workspace.yaml Normal file
View file

@ -0,0 +1,2 @@
packages:
- 'packages/*'

24
tsconfig.json Normal file
View file

@ -0,0 +1,24 @@
{
"compilerOptions": {
"target": "esnext",
"module": "esnext",
"lib": ["ESNext"],
"jsx": "preserve",
"noImplicitAny": true,
"noUncheckedIndexedAccess": true,
"strict": true,
"skipLibCheck": true,
"resolveJsonModule": true,
"moduleResolution": "bundler",
"esModuleInterop": true,
"sourceMap": true,
"noUnusedLocals": true,
"useDefineForClassFields": true,
"isolatedModules": true,
"baseUrl": "."
}
}