Commit graph

47 commits

Author SHA1 Message Date
imnyang
1e79dcabaa
Temp 2025-06-05 21:49:59 +09:00
imnyang
143b308e77
Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into feature/control-tower 2025-06-05 21:47:35 +09:00
imnyang
0eca258096
temp commit 2025-06-05 21:47:25 +09:00
KMINGON
595d0e93a3 Merge branch 'main' into feature/access-token-detector 2025-06-04 22:37:39 +09:00
KMINGON
195be25c22 [DOCS] : Set reporter value when findings are added 2025-06-04 22:36:37 +09:00
김민곤
5a88570fe2
Merge pull request #19 from whs-authz-authn-project/feature/csrf
[Update] Expand nonce parameter detection scope and add validation logic for nonce parameter reuse
2025-06-04 22:19:15 +09:00
KMINGON
ac53cd4be5 [FIX]: Move the request check function that was located in index's response 2025-06-04 17:04:39 +09:00
KMINGON
ba98eef694 Merge branch 'main' into feature/access-token-detector 2025-06-04 17:02:13 +09:00
KMINGON
1bc442b1d3 [FIX]: Also check tokenType to determine whether it is an OAuth Flow 2025-06-04 17:01:32 +09:00
tv0924@icloud.com
efb89c668c [Update] Widen nonce parameter detection scope and add validation logic for nonce parameter reuse 2025-06-04 16:02:42 +09:00
gyuu04
979dda299a Update redirect_uriBypass.ts 2025-06-03 14:44:09 +09:00
gyuu04
78042ef305 [Add] Add RedirectBypassController and execution logic
- Add RedirectBypassController class for redirect_uri bypass detection
- Insert testAsync wiring logic into index.ts
2025-06-03 12:44:48 +09:00
gyuu04
986c6e59b6 Create redirect_uriBypass.ts
Add redirect_uri bypass detection logic
2025-06-03 12:26:03 +09:00
imnyang
e34649288c Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into feature/pkce 2025-06-02 22:17:14 +09:00
imnyang
d820695cec Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into feature/pkce 2025-06-02 22:05:37 +09:00
imnyang
c72f103221 FEAT: Refactoring 2025-06-02 22:03:52 +09:00
tv0924@icloud.com
1c57ad1a39 [Update] Refine oauth detection logic 2025-06-02 10:56:42 +09:00
tv0924@icloud.com
b8b7edb5ac [Update] Refine oauth detection logic 2025-06-02 10:50:11 +09:00
KMINGON
b1c10b0739 Merge branch 'main' into feature/access-token-detector 2025-06-02 00:22:04 +09:00
KMINGON
96452cf9fa Merge branch 'feature/access-token-detector' of https://github.com/whs-authz-authn-project/caido-plugin-test into feature/access-token-detector 2025-06-01 21:00:04 +09:00
KMINGON
77a65002f7 [FIX]: Normalize detection keywords 2025-06-01 20:59:48 +09:00
tv0924@icloud.com
2010b85c4d [Fix] Fix the csrf prevention token being judged as missing in certain cases 2025-06-01 20:14:10 +09:00
sultanofdisco
77a05bb707 nonceCheck fix 3 2025-05-31 15:42:37 +09:00
sultanofdisco
e7f9d5684b Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into sujin 2025-05-31 15:27:30 +09:00
sultanofdisco
252400a911 nonceCheck fix 2 2025-05-31 14:39:20 +09:00
김민곤
a2b7d44ec0
Merge branch 'main' into feature/access-token-detector 2025-05-31 12:48:11 +09:00
KMINGON
f1b5ef5f9b REFACTOR : Change findings to be created in the modules rather than in index 2025-05-31 12:37:54 +09:00
암냥 (imnyang)
307d373b9c
Merge branch 'main' into feature/scope 2025-05-31 12:01:58 +09:00
KMINGON
7b704cacf4 STYLE : Modify logs 2025-05-31 11:56:47 +09:00
KMINGON
858dfd16dc FEAT : Write controller that checks for the presence of AccessToken and various other tokens, needs testing 2025-05-31 11:56:47 +09:00
imnyang
b1f3534e1c I ported it but haven't actually tested it, please test it 2025-05-31 11:55:15 +09:00
sultanofdisco
cc81947bd8 nonceCheck fix 2025-05-31 11:55:06 +09:00
seungyeoncherry
dfeab629d7 [Add] Scope Detection 2025-05-31 11:49:11 +09:00
tv0924@icloud.com
5fed2eb7d0 [Update] index 2025-05-31 11:47:52 +09:00
암냥 (imnyang)
dcb91d141f
Merge branch 'main' into feature/csrf 2025-05-31 11:41:54 +09:00
imnyang
b64c8cc4e4
[Add] PKCE done 2025-05-28 23:28:31 +09:00
tv0924@icloud.com
ef1d8f40b3 [Update] feature 2025-05-28 16:49:48 +09:00
tv0924@icloud.com
f775282e91 [Add] csrf 2025-05-28 15:01:53 +09:00
tv0924@icloud.com
e868cbec67 Add detection for csrf(state)-related vulnerabilities 2025-05-28 14:17:24 +09:00
imnyang
0a24c5594d
[Add] Implement PKCE check and related features, clean up Playground directory 2025-05-26 00:56:03 +09:00
imnyang
ba20dd9007
My code wasn't consistent... 2025-05-25 22:28:56 +09:00
imnyang
2e1eb7a3ab Only checking for PKCE Downgrade? No, now we'll also check whether PKCE is present at all.
And trim this down a bit too
2025-05-25 20:55:19 +09:00
imnyang
12f635c77b What's happening!! 2025-05-25 16:59:51 +09:00
sultanofdisco
c355038288 nonce check
Check whether it is an oidc flow, and check whether nonce is present
2025-05-24 14:25:44 +09:00
tv0924@icloud.com
b41b086980 [Remove] backend build file 2025-05-19 12:13:43 +09:00
tv0924@icloud.com
cc52c85fd5 [File] Add zip file that can be used directly in caido 2025-05-19 11:12:18 +09:00
tv0924@icloud.com
889d7cfbf2 [Add] is authZ|implicit grant type 2025-05-19 11:08:20 +09:00