whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[Add] csrf

Browse source
This commit is contained in:
tv0924@icloud.com 2025-05-28 15:01:53 +09:00
commit f775282e91
2 changed files with 35 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

62
packages/backend/src/index.ts
View file

@ -1,41 +1,13 @@
import type { SDK, DefineAPI } from "caido:plugin"; import type { SDK, DefineAPI } from "caido:plugin";
import type { Request } from "caido:utils"; import type { Request, Response } from "caido:utils";
<<<<<<< HEAD
import { ImplicitGrantController } from "./controller/implictGrant";
import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
import { PKCECheck } from "./controller/PKCECheck";
export type API = DefineAPI<{}>;
const implicitGrantController = new ImplicitGrantController();
const authZCodeGrantController = new AuthZCodeGrantController();
const pkceCheck = new PKCECheck();
// function matchSSORequest(req: Request): boolean {
// const raw = req.getRaw().toString();
// // 조건 3: Raw request에 SAMLRequest 또는 SAMLResponse 포함
// if (raw.includes("SAMLRequest=") || raw.includes("SAMLResponse=")) {
// return true;
// }
// return false;
// }
// function matchAccessTokenResponse(resp: Response): boolean {
// const raw = resp.getRaw().toString();
// const match = /"access_token"\s*:\s*"([^"]+)"/.exec(raw);
// return !!match;
// }
=======
// import { ImplicitGrantController } from "./controller/implictGrant"; // import { ImplicitGrantController } from "./controller/implictGrant";
// import { AuthZCodeGrantController } from "./controller/authZCodeGrant"; // import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
import { CsrfCheck } from "./controller/csrfCheck"; import { CsrfCheck } from "./controller/csrfCheck";
import { PKCECheck } from "./controller/PKCECheck";
export type API = DefineAPI<{}>; export type API = DefineAPI<{}>;
const csrfCheck = new CsrfCheck(); const csrfCheck = new CsrfCheck();
>>>>>>> 8de17eb (csrf(state) ) const pkceCheck = new PKCECheck();
export function init(sdk: SDK<API>) { export function init(sdk: SDK<API>) {
// sdk.events.onInterceptRequest(async (sdk, req: Request) => { // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
@ -51,21 +23,23 @@ export function init(sdk: SDK<API>) {
// } // }
// }); // });
sdk.events.onInterceptResponse(async (sdk, req: Request, resp) => { sdk.events.onInterceptResponse(
const funcList = [csrfCheck.checker(sdk, req, resp)]; async (sdk: SDK<DefineAPI<{}>, {}>, req: Request, resp: Response) => {
const funcList: Promise<string | 0>[] = [
csrfCheck.checker(sdk, req, resp),
];
let result = await Promise.all(funcList); let result = await Promise.all(funcList);
if (result) {
await sdk.findings.create({
title: "Possible SSO Response Detected",
description: `SSO-related parameters detected in response:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
request: req,
reporter: "",
});
}
if (result) {
await pkceCheck.test(sdk, req); await pkceCheck.test(sdk, req);
await sdk.findings.create({
title: "Possible SSO Response Detected",
description: `SSO-related parameters detected in response:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
request: req,
reporter: "",
});
} }
);
});
} }

16
pnpm-lock.yaml generated
View file

@ -11,6 +11,9 @@ importers:
'@caido-community/dev': '@caido-community/dev':
specifier: ^0.1.3 specifier: ^0.1.3
version: 0.1.5(postcss@8.5.3)(typescript@5.5.4) version: 0.1.5(postcss@8.5.3)(typescript@5.5.4)
'@caido/sdk-backend':
specifier: ^0.48.1
version: 0.48.1
typescript: typescript:
specifier: 5.5.4 specifier: 5.5.4
version: 5.5.4 version: 5.5.4
@ -34,9 +37,15 @@ packages:
'@caido/quickjs-types@0.17.2': '@caido/quickjs-types@0.17.2':
resolution: {integrity: sha512-5kcucGORMNEbcdU91yKLYZG/TFDqsO6XmCZ1TnU6V48E61mmqrJg6kjrfOFP1WOugDm+ZcGd/Su3p3XkFXfaPg==} resolution: {integrity: sha512-5kcucGORMNEbcdU91yKLYZG/TFDqsO6XmCZ1TnU6V48E61mmqrJg6kjrfOFP1WOugDm+ZcGd/Su3p3XkFXfaPg==}
'@caido/quickjs-types@0.18.0':
resolution: {integrity: sha512-hRXUVdDvlhEhvkBoWWytoVS2j1KDVZa8dx2Q/KvWUQTR57U8EMSYE9iFgvPhu78gS8z+RF42Zcb7moNx4SDMlw==}
'@caido/sdk-backend@0.46.0': '@caido/sdk-backend@0.46.0':
resolution: {integrity: sha512-peUKW/4Nrw9WVxIahc+6KrVtxA7vsbpuJqOoBxudxq7tQJ+cV9IEqzvYoFFo8KlnrTkeUQUJvd0W4WsM3HgxEg==} resolution: {integrity: sha512-peUKW/4Nrw9WVxIahc+6KrVtxA7vsbpuJqOoBxudxq7tQJ+cV9IEqzvYoFFo8KlnrTkeUQUJvd0W4WsM3HgxEg==}
'@caido/sdk-backend@0.48.1':
resolution: {integrity: sha512-JvFeOlSqAKbj3OenBn0LPtCNaOV0x6YtaAQijpvYfBJK32Nvbf924Z10bFVCu+Clc5A1qr7HcAvJ/8B/aRikWA==}
'@caido/sdk-shared@0.1.1': '@caido/sdk-shared@0.1.1':
resolution: {integrity: sha512-JAV5ajUqxZdXYPTmDEvIKBZon8I5uHq44ATj0Nj3BVpllRDUGY9kcBd+PXMD50+3lv1CvhR3/f6q24T0+4aVJQ==} resolution: {integrity: sha512-JAV5ajUqxZdXYPTmDEvIKBZon8I5uHq44ATj0Nj3BVpllRDUGY9kcBd+PXMD50+3lv1CvhR3/f6q24T0+4aVJQ==}
@ -1095,11 +1104,18 @@ snapshots:
'@caido/quickjs-types@0.17.2': {} '@caido/quickjs-types@0.17.2': {}
'@caido/quickjs-types@0.18.0': {}
'@caido/sdk-backend@0.46.0': '@caido/sdk-backend@0.46.0':
dependencies: dependencies:
'@caido/quickjs-types': 0.17.2 '@caido/quickjs-types': 0.17.2
'@caido/sdk-shared': 0.1.1 '@caido/sdk-shared': 0.1.1
'@caido/sdk-backend@0.48.1':
dependencies:
'@caido/quickjs-types': 0.18.0
'@caido/sdk-shared': 0.1.1
'@caido/sdk-shared@0.1.1': {} '@caido/sdk-shared@0.1.1': {}
'@esbuild/aix-ppc64@0.24.2': '@esbuild/aix-ppc64@0.24.2':