diff --git a/dist/plugin_package.zip b/dist/plugin_package.zip index 31ab81a..1b3f2de 100644 Binary files a/dist/plugin_package.zip and b/dist/plugin_package.zip differ diff --git a/packages/backend/src/controller/tokenLeakCheck.ts b/packages/backend/src/controller/tokenLeakCheck.ts index 2248b49..5a05ce9 100644 --- a/packages/backend/src/controller/tokenLeakCheck.ts +++ b/packages/backend/src/controller/tokenLeakCheck.ts @@ -1,8 +1,8 @@ -import type { Request } from "caido:utils"; +import type { Request,Response } from "caido:utils"; import jwt from "jsonwebtoken"; export class TokenLeakCheck { - public static extractIdToken(req: Request): string | null { + public static extractIdToken(req: Request, res?: Response): string | null { // 1. Authorization 헤더 확인\\ const header = req.getHeaders() as Record; const authHeader = header["authorization"] || header["Authorization"]; @@ -16,19 +16,21 @@ export class TokenLeakCheck { return (query as Record).id_token; } - // 3. POST 바디 안에 id_token이 있을 경우 - const rawBody = req.getRaw(); - const body = rawBody ? rawBody.toString() : ""; - const match = body.match(/id_token=([^&\s]+)/); - if (match && typeof match[1] === "string") { - return decodeURIComponent(match[1]); + // 3. response 안에 id_token이 있을 경우 + if (res) { + const rawBody = res.getRaw(); + const body = rawBody ? rawBody.toString() : ""; + const match = body.match(/id_token=([^&\s]+)/); + if (match && typeof match[1] === "string" ) { + return decodeURIComponent(match[1]); + } } return null; } - public static decodeIdToken(req: Request): Record | null { - const token = this.extractIdToken(req); + public static decodeIdToken(req: Request, res?: Response): Record | null { + const token = this.extractIdToken(req, res); if (!token) return null; const decoded = jwt.decode(token, { complete: true }); diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts index 8ba813f..0ad8c01 100644 --- a/packages/backend/src/index.ts +++ b/packages/backend/src/index.ts 
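Review bot: The new `res?: Response` parameter on `extractIdToken` is undocumented, and the widened import is written `{ Request,Response }` without the space after the comma used elsewhere in this diff (`{ SDK, DefineAPI }`). I would add a doc comment above the signature, `/** Looks for an id_token in the request (Authorization header, query string) and, when a response is supplied, in the raw response body; returns null when none is found. */`, and write the import as `import type { Request, Response } from "caido:utils";`. The body of `extractIdToken` continues past the end of this hunk.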
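Review bot: The response scan at `body.match(/id_token=([^&\s]+)/)` only matches a form-encoded `id_token=` pair, so a token endpoint that answers with `{"id_token":"…"}` — the usual JSON shape — is never detected, which undercuts the point of moving the check to the response side; broadening the pattern to `/id_token(?:=|"\s*:\s*")([^&\s"]+)/` catches both forms. `decodeURIComponent(match[1])` also throws a `URIError` on a stray `%` in the body and nothing in the hunk catches it, so `try { return decodeURIComponent(match[1]); } catch { return match[1]; }` keeps a malformed body from aborting the scan. The request-body branch this hunk replaces is gone entirely, so an `id_token` posted by the client (e.g. form_post response mode) is no longer seen at all — if that is intended, the `// 3.` comment should say so rather than just renumbering. `extractIdToken` starts before this hunk and `decodeIdToken` continues after it.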
@@ -2,6 +2,7 @@ import type { SDK, DefineAPI } from "caido:plugin"; import type { Request } from "caido:utils"; import { ImplicitGrantController } from "./controller/implictGrant"; import { AuthZCodeGrantController } from "./controller/authZCodeGrant"; +import { NonceCheckController } from "./controller/nonceCheck"; export type API = DefineAPI<{}>; @@ -40,5 +41,14 @@ export function init(sdk: SDK) { reporter: "", }); } + + if(NonceCheckController.isOidcFlow(req)) { + await sdk.findings.create({ + title: "OIDC Flow Detected", + description: "The request appears to be part of an OIDC flow.", + request: req, + reporter: "", + }); + } }); -} +} \ No newline at end of file
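Review bot: The new `if(NonceCheckController.isOidcFlow(req))` block files an "OIDC Flow Detected" finding for every request that classifies as OIDC, but nothing in it checks a nonce, so a controller named NonceCheck is being used purely as a flow detector and the finding carries no security conclusion; presumably the nonce presence/validation step lives in `nonceCheck.ts`, which is not in this diff — if so, it should be called and its result reported, or the title and description renamed to what is actually asserted. Because the handler runs per request, this will also raise one finding per OIDC request with no dedup, which may or may not match what the sibling detectors above do — worth confirming. Style-wise, `if(` lacks the conventional space: `if (NonceCheckController.isOidcFlow(req)) {`. The body of `init` begins before this hunk.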