whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: whs-authz-authn:feature/control-tower
Branches Tags
whs-authz-authn:main
whs-authz-authn:sujin
whs-authz-authn:feature/control-tower
whs-authz-authn:feature/access-token-detector
whs-authz-authn:feature/csrf
whs-authz-authn:scopeDetection
whs-authz-authn:feature/pkce
whs-authz-authn:gyu
whs-authz-authn:tk
whs-authz-authn:revert-10-sujin
whs-authz-authn:taewoo
whs-authz-authn:feature/scope
..
compare: whs-authz-authn:main
Branches Tags
whs-authz-authn:sujin
whs-authz-authn:feature/control-tower
whs-authz-authn:main
whs-authz-authn:feature/access-token-detector
whs-authz-authn:feature/csrf
whs-authz-authn:scopeDetection
whs-authz-authn:feature/pkce
whs-authz-authn:gyu
whs-authz-authn:tk
whs-authz-authn:revert-10-sujin
whs-authz-authn:taewoo
whs-authz-authn:feature/scope

No commits in common. "feature/control-tower" and "main" have entirely different histories.
feature/co ... main

6 changed files with 7 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

17
packages/backend/src/controller/PKCECheck.ts
View file

@ -1,6 +1,5 @@
import type { SDK } from "caido:plugin";
import { Body, RequestSpec, type Request } from "caido:utils";
import { sendReport } from "../utils/controlTower";
export class PKCECheck {
// 필요한 PKCE 파라미터 목록
@ -80,14 +79,13 @@ export class PKCECheck {
const reference = isOpenID
? "https://openid.net/specs/openid-igov-oauth2-1_0-02.html#rfc.section.3.1.7"
: "https://datatracker.ietf.org/doc/html/rfc7636";
await this.reportFinding(
sdk,
req,
url,
isOpenID,
title,
`PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`
);
await sdk.findings.create({
title,
description: `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`,
request: req,
reporter: "PKCE Checker",
});
return true;
}
@ -135,6 +133,5 @@ export class PKCECheck {
request: req,
reporter: "PKCE Checker",
});
await sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker");
}
}

15
packages/backend/src/controller/accessTokenDetector.ts
View file

@ -1,6 +1,5 @@
import type { Request, Response } from "caido:utils";
import type { SDK, DefineAPI } from "caido:plugin";
import { sendReport } from "../utils/controlTower";
// 토큰 누출 검사 결과를 담는 구조
export interface TokenLeakResult {
@ -22,13 +21,6 @@ export class AccessTokenLeakController {
request,
reporter: "AccessTokenLeak",
});
await sendReport(
sdk,
result.title,
result.description,
request,
"AccessTokenLeak"
);
}
}
@ -41,13 +33,6 @@ export class AccessTokenLeakController {
request,
reporter: "AccessTokenLeak",
});
await sendReport(
sdk,
result.title,
result.description,
request,
"AccessTokenLeak"
);
}
}

9
packages/backend/src/controller/csrfCheck.ts
View file

@ -1,7 +1,6 @@
import type { Request, Response } from "caido:utils";
import type { SDK, DefineAPI } from "caido:plugin";
import { HttpUtils } from "../utils/http";
import { sendReport } from "../utils/controlTower";
const httpUtils = new HttpUtils();
@ -270,14 +269,6 @@ export class CsrfCheck {
request,
reporter: "csrf reporter",
});
await sendReport(
sdk,
"CSRF Vulnerability Detected",
`A CSRF vulnerability was detected in the request.\n\nRequest: ${request.getMethod()} ${request.getUrl()}\n\nDetails: ${result}`,
request,
"csrf reporter"
);
}
} catch (error) {
sdk.console.error(`Error creating finding: ${error}`);

8
packages/backend/src/controller/redirect_uriBypass.ts
View file

@ -1,6 +1,5 @@
import type { Request, Response } from "caido:utils";
import type { SDK } from "caido:plugin";
import { sendReport } from "../utils/controlTower";
export class RedirectBypassController {
// redirect_uri를 확인하는 함수
@ -55,13 +54,6 @@ export class RedirectBypassController {
request: req,
reporter: "gyu",
});
await sendReport(
sdk,
"Redirect URI Bypass Detected",
`A redirect URI bypass was detected.\nRedirect URI: ${result.redirectUri}`,
req,
"gyu"
);
}
}
}

1
packages/backend/src/index.ts
View file

@ -40,7 +40,6 @@ export function init(sdk: SDK<API>) {
await tokenCheck.testReq(sdk, req);
await pkceCheckController.test(sdk, req);
});
/*
sdk.events.onInterceptRequest(async (sdk, req: Request) => {
const result =

24
packages/backend/src/utils/controlTower.ts
View file

@ -1,24 +0,0 @@
import type { SDK } from "caido:plugin";
import { Body, RequestSpec, type Request } from "caido:utils";
export async function sendReport(
sdk: SDK,
title: string,
description: string,
request: Request,
reporter: string
) {
const spec = new RequestSpec("http://192.168.0.9:4020/report");
spec.setMethod("POST");
spec.setHeader("Content-Type", "application/json");
const body = new Body(JSON.stringify({
title,
description,
request: request.toSpec(),
reporter
}));
spec.setBody(body);
return await sdk.requests.send(spec);
}