[File] caido에서 바로 사용할 수 있는 zip 파일 추가

2025-05-19 11:12:18 +09:00 · 2025-05-19 11:12:18 +09:00 · cc52c85fd5
commit cc52c85fd5
parent 889d7cfbf2
3 changed files with 85 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -215,4 +215,8 @@ $RECYCLE.BIN/
 # Windows shortcuts
 *.lnk

+!dist/
+dist/*
+!dist/*.zip
+
 # End of https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux
--- a/dist/plugin_package.zip
+++ b/dist/plugin_package.zip
--- a/packages/backend/dist/index.js
+++ b/packages/backend/dist/index.js
@ -0,0 +1,81 @@
+// packages/backend/src/controller/implictGrant.ts
+var ImplicitGrantController = class {
+  isImplicitGrantReq(req) {
+    const query = req.getQuery();
+    if (query.includes("client_id=") && query.includes("response_type=token")) {
+      return true;
+    }
+    return false;
+  }
+  isSendTokenToClient(req) {
+    const path = req.getPath();
+    const query = req.getQuery();
+    if (query.includes("access_token=") && query.includes("state=") || path.includes("&access_token=") || /access_token=%/i.test(query)) {
+      return true;
+    }
+    return false;
+  }
+  testReq(req) {
+    if (this.isImplicitGrantReq(req)) {
+      return "isImplicitGrantReq";
+    }
+    if (this.isSendTokenToClient(req)) {
+      return "isSendTokenToClient";
+    }
+    return false;
+  }
+};
+
+// packages/backend/src/controller/authZCodeGrant.ts
+var AuthZCodeGrantController = class {
+  constructor() {
+  }
+  isAuthZReq(req) {
+    const query = req.getQuery();
+    if (query.includes("client_id=") && query.includes("response_type=code")) {
+      return true;
+    }
+    return false;
+  }
+  isSendCodeToClient(req) {
+    const path = req.getPath();
+    const query = req.getQuery();
+    if (query.includes("code=") && query.includes("state=") || path.includes("&code=") || /code=%/i.test(query)) {
+      return true;
+    }
+    return false;
+  }
+  testReq(req) {
+    if (this.isAuthZReq(req)) {
+      return "isAuthZReq";
+    }
+    if (this.isSendCodeToClient(req)) {
+      return "isSendCodeToClient";
+    }
+    return false;
+  }
+  // isAccessTokenReq(req: Response) {
+  // }
+};
+
+// packages/backend/src/index.ts
+var implicitGrantController = new ImplicitGrantController();
+var authZCodeGrantController = new AuthZCodeGrantController();
+function init(sdk) {
+  sdk.events.onInterceptRequest(async (sdk2, req) => {
+    const result = authZCodeGrantController.testReq(req) || implicitGrantController.testReq(req);
+    if (result) {
+      await sdk2.findings.create({
+        title: "Possible SSO Request Detected",
+        description: `SSO-related parameters detected in request:
+
+${req.getMethod()} ${req.getUrl()} : ${result}`,
+        request: req,
+        reporter: ""
+      });
+    }
+  });
+}
+export {
+  init
+};