clientsecretCheck

kyu 2025-06-01 20:12:12 +09:00
commit b32d4e02af
2 changed files with 39 additions and 0 deletions


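--- /dev/null
+++ b/controller/clientsecretCheck.ts
@@ -0,0 +1,33 @@
+import type { SDK } from "caido:plugin";
+import type { Request } from "caido:utils";
+export class ClientSecretController {
+test(req: Request): boolean {
+const query = req.getQuery() ?? ""; /* URL에서 검사 */
+const bodyRaw = req.getBody(); /* BODY 에서 검사 */
+const body = typeof bodyRaw === "string" ? bodyRaw : Array.isArray(bodyRaw) ? bodyRaw.join("&") : "";
+const authRaw = req.getHeader("authorization"); /* authz 헤더 에서 검사 */
+const auth = typeof authRaw === "string" ? authRaw : Array.isArray(authRaw) ? authRaw.join(" ") : "";
+return (
+query.includes("client_secret=") ||
+body.includes("client_secret=") ||
+auth.toLowerCase().startsWith("basic ")
+);
+}
+async report(sdk: SDK, req: Request): Promise<void> {
+const url = req.getUrl();
+await sdk.findings.create({
+title: "Exposed client_secret",
+description: `The request to \`${url}\` contains a potential exposure of the OAuth2 \`client_secret\`.`,
+request: req,
+reporter: "Client_Secret_Finder",
+dedupeKey: "client_secret_exposure"
+});
+}
+}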
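Review bot: The `auth.toLowerCase().startsWith("basic ")` branch in `test` reports a client_secret exposure for every request that carries HTTP Basic credentials, OAuth2 or not, so ordinary Basic-auth traffic will be filed under "Exposed client_secret". Either require an OAuth2 context alongside it, e.g. `(query.includes("client_id=") || body.includes("client_id=")) && auth.toLowerCase().startsWith("basic ")`, or at least state the heuristic in a comment such as `// Basic auth on a token request may carry client_id:client_secret (RFC 6749 §2.3.1)`. The body branch also looks dead if `getBody()` returns a Body object rather than a string or array, as the Caido SDK typing suggests — `body` would then always be `""`, and something like `bodyRaw?.toText() ?? ""` is worth confirming against the SDK. Finally, the constant `dedupeKey: "client_secret_exposure"` in `report` would collapse findings across every host if deduplication is global; keying it on the URL, `dedupeKey: \`client_secret_exposure:${url}\``, keeps one finding per endpoint.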


@ -3,12 +3,14 @@ import type { Request } from "caido:utils";
import { ImplicitGrantController } from "./controller/implictGrant";
import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
import { PKCECheck } from "./controller/PKCECheck";
import { ClientSecretController } from "./controller/clientsecretCheck";
export type API = DefineAPI<{}>;
const implicitGrantController = new ImplicitGrantController();
const authZCodeGrantController = new AuthZCodeGrantController();
const pkceCheck = new PKCECheck();
const clientSecretController = new ClientSecretController();
// function matchSSORequest(req: Request): boolean {
// const raw = req.getRaw().toString();
@ -44,6 +46,10 @@ export function init(sdk: SDK<API>) {
reporter: "",
});
}
if (clientSecretController.test(req)) {
await clientSecretController.report(sdk,req);
}
});
}
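Review bot: `await clientSecretController.report(sdk,req);` runs inside the request callback with no error handling, so a rejected `findings.create` would propagate out of the interceptor and could stop the remaining checks for that request; the sibling checks above appear to follow the same pattern, so this may be deliberate, but wrapping the call in `try/catch` and logging through the SDK console would keep one failing reporter from aborting the callback. A minor style point: `report(sdk,req)` lacks the space after the comma used elsewhere in the file, `await clientSecretController.report(sdk, req);`. The enclosing `init` function and its callback begin outside the hunk.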