Commit graph

73 commits

Author SHA1 Message Date
sultanofdisco
dfa5392038 Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into sujin 2025-06-07 13:40:44 +09:00
sultanofdisco
2e400517a8 Update index.ts 2025-06-07 09:25:34 +09:00
sultanofdisco
1736debae1 Update nonceCheck.ts 2025-06-07 09:24:26 +09:00
김민곤
1e9a0f1aa0
Merge pull request #21 from whs-authz-authn-project/feature/access-token-detector
[DOCS] Add reporter when creating AccessToken findings
2025-06-04 22:40:19 +09:00
KMINGON
595d0e93a3 Merge branch 'main' into feature/access-token-detector 2025-06-04 22:37:39 +09:00
KMINGON
195be25c22 [DOCS] : Set reporter value when findings are added 2025-06-04 22:36:37 +09:00
김민곤
5a88570fe2
Merge pull request #19 from whs-authz-authn-project/feature/csrf
[Update] Expand nonce parameter detection scope and add validation logic for nonce parameter reuse
2025-06-04 22:19:15 +09:00
James
d2c95cff2e
Merge pull request #20 from whs-authz-authn-project/feature/access-token-detector
[FIX] Increase AccessToken detection accuracy
2025-06-04 22:03:47 +09:00
KMINGON
ac53cd4be5 [FIX]: Move the request check function that was located in index's response 2025-06-04 17:04:39 +09:00
KMINGON
ba98eef694 Merge branch 'main' into feature/access-token-detector 2025-06-04 17:02:13 +09:00
KMINGON
1bc442b1d3 [FIX]: Also check tokenType to confirm whether it is an OAuth Flow 2025-06-04 17:01:32 +09:00
tv0924@icloud.com
efb89c668c [Update] Widen nonce parameter detection scope and add validation logic for nonce parameter reuse 2025-06-04 16:02:42 +09:00
gyuu04
c722adbe9d
Merge pull request #18 from whs-authz-authn-project/gyu
Update redirect_uriBypass.ts
2025-06-03 14:45:30 +09:00
gyuu04
979dda299a Update redirect_uriBypass.ts 2025-06-03 14:44:09 +09:00
gyuu04
14164ceb83
Merge pull request #17 from whs-authz-authn-project/gyu
[Add] Add RedirectBypassController and execution logic
2025-06-03 12:50:47 +09:00
gyuu04
78042ef305 [Add] Add RedirectBypassController and execution logic
- Add RedirectBypassController class for redirect_uri bypass detection
- Insert testAsync hookup logic into index.ts
2025-06-03 12:44:48 +09:00
gyuu04
e45124de21
Merge pull request #16 from whs-authz-authn-project/gyu
Create redirect_uriBypass.ts
2025-06-03 12:30:11 +09:00
gyuu04
986c6e59b6 Create redirect_uriBypass.ts
Add redirect_uri bypass detection logic
2025-06-03 12:26:03 +09:00
암냥 (imnyang)
e83988f5fb
Merge pull request #15 from whs-authz-authn-project/feature/pkce
PKCE refactoring && pkceCheckController must run in onInterceptRequest.
2025-06-02 22:29:08 +09:00
imnyang
e34649288c Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into feature/pkce 2025-06-02 22:17:14 +09:00
김민곤
eca9a8a5b5
Merge pull request #14 from whs-authz-authn-project/feature/csrf
Checked by 수진 and 민곤
2025-06-02 22:13:04 +09:00
imnyang
d820695cec Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into feature/pkce 2025-06-02 22:05:37 +09:00
imnyang
c72f103221 FEAT: Refactoring 2025-06-02 22:03:52 +09:00
sultanofdisco
e7de3ee4a7 Modify nonceCheck 2025-06-02 21:09:35 +09:00
tv0924@icloud.com
1c57ad1a39 [Update] Refine oauth detection logic 2025-06-02 10:56:42 +09:00
tv0924@icloud.com
b8b7edb5ac [Update] Refine oauth detection logic 2025-06-02 10:50:11 +09:00
James
9ccd1eb7ac
Merge pull request #13 from whs-authz-authn-project/feature/access-token-detector
[FIX]: Modify Access token detection keyword list
2025-06-02 09:55:51 +09:00
KMINGON
b1c10b0739 Merge branch 'main' into feature/access-token-detector 2025-06-02 00:22:04 +09:00
김민곤
db242c4465
Merge pull request #12 from whs-authz-authn-project/feature/csrf
Proceeding with merge since the second check was completed in the daily scrum code review
2025-06-02 00:21:20 +09:00
KMINGON
96452cf9fa Merge branch 'feature/access-token-detector' of https://github.com/whs-authz-authn-project/caido-plugin-test into feature/access-token-detector 2025-06-01 21:00:04 +09:00
KMINGON
77a65002f7 [FIX]: Normalize detection keywords 2025-06-01 20:59:48 +09:00
tv0924@icloud.com
2010b85c4d [Fix] Fix cases where the csrf protection token was judged to be missing in certain situations 2025-06-01 20:14:10 +09:00
sultanofdisco
3a8fb9a401
Merge pull request #10 from whs-authz-authn-project/sujin
Modify nonceCheck
2025-05-31 15:56:04 +09:00
sultanofdisco
77a05bb707 Modify nonceCheck 3 2025-05-31 15:42:37 +09:00
sultanofdisco
e7f9d5684b Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into sujin 2025-05-31 15:27:30 +09:00
imnyang
316a078bd0 Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into feature/pkce 2025-05-31 15:03:40 +09:00
imnyang
907fcd8120 Remove pkce 2025-05-31 15:02:27 +09:00
sultanofdisco
252400a911 Modify nonceCheck 2 2025-05-31 14:39:20 +09:00
김민곤
b801fdda0b
Merge pull request #9 from whs-authz-authn-project/feature/access-token-detector
Feature/access token detector
2025-05-31 12:57:02 +09:00
김민곤
a2b7d44ec0
Merge branch 'main' into feature/access-token-detector 2025-05-31 12:48:11 +09:00
KMINGON
f1b5ef5f9b REFACTOR : Change findings to be created in the module rather than in index 2025-05-31 12:37:54 +09:00
암냥 (imnyang)
d9353220e6
Update README.md 2025-05-31 12:03:49 +09:00
암냥 (imnyang)
a3fcf28786
Merge pull request #7 from whs-authz-authn-project/feature/scope
[Add] Scope Detection
2025-05-31 12:02:31 +09:00
암냥 (imnyang)
307d373b9c
Merge branch 'main' into feature/scope 2025-05-31 12:01:58 +09:00
KMINGON
7b704cacf4 STYLE : Modify logs 2025-05-31 11:56:47 +09:00
KMINGON
858dfd16dc FEAT : Write controller that checks for the presence of AccessToken and various other tokens, testing needed 2025-05-31 11:56:47 +09:00
imnyang
b1f3534e1c Ported it but haven't actually tested it, please test it 2025-05-31 11:55:15 +09:00
sultanofdisco
cc81947bd8 Modify nonceCheck 2025-05-31 11:55:06 +09:00
암냥 (imnyang)
6efa9f4d20
Merge pull request #5 from whs-authz-authn-project/main
Commit Behind
2025-05-31 11:51:47 +09:00
김민곤
315e38a726
Merge pull request #3 from whs-authz-authn-project/feature/csrf
Feature/csrf
2025-05-31 11:49:40 +09:00