whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: whs-authz-authn:main
Branches Tags
whs-authz-authn:main
whs-authz-authn:sujin
whs-authz-authn:feature/control-tower
whs-authz-authn:feature/access-token-detector
whs-authz-authn:feature/csrf
whs-authz-authn:scopeDetection
whs-authz-authn:feature/pkce
whs-authz-authn:gyu
whs-authz-authn:tk
whs-authz-authn:revert-10-sujin
whs-authz-authn:taewoo
whs-authz-authn:feature/scope
...
pull from: whs-authz-authn:feature/control-tower
Branches Tags
whs-authz-authn:sujin
whs-authz-authn:feature/control-tower
whs-authz-authn:main
whs-authz-authn:feature/access-token-detector
whs-authz-authn:feature/csrf
whs-authz-authn:scopeDetection
whs-authz-authn:feature/pkce
whs-authz-authn:gyu
whs-authz-authn:tk
whs-authz-authn:revert-10-sujin
whs-authz-authn:taewoo
whs-authz-authn:feature/scope
Sign in to create a new pull request.

3 commits
main ... feature/co

Author SHA1 Message Date
imnyang
1e79dcabaa
 		Temp 2025-06-05 21:49:59 +09:00
imnyang
143b308e77
 		Merge branch 'main' of https://github.com/whs-authz-authn-project/caido-plugin-test into feature/control-tower 2025-06-05 21:47:35 +09:00
imnyang
0eca258096
 		temp commit 2025-06-05 21:47:25 +09:00
6 changed files with 67 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

17
packages/backend/src/controller/PKCECheck.ts
View file

@ -1,5 +1,6 @@
import type { SDK } from "caido:plugin"; import type { SDK } from "caido:plugin";
import { Body, RequestSpec, type Request } from "caido:utils"; import { Body, RequestSpec, type Request } from "caido:utils";
import { sendReport } from "../utils/controlTower";
export class PKCECheck { export class PKCECheck {
// 필요한 PKCE 파라미터 목록 // 필요한 PKCE 파라미터 목록
@ -79,13 +80,14 @@ export class PKCECheck {
const reference = isOpenID const reference = isOpenID
? "https://openid.net/specs/openid-igov-oauth2-1_0-02.html#rfc.section.3.1.7" ? "https://openid.net/specs/openid-igov-oauth2-1_0-02.html#rfc.section.3.1.7"
: "https://datatracker.ietf.org/doc/html/rfc7636"; : "https://datatracker.ietf.org/doc/html/rfc7636";
await this.reportFinding(
await sdk.findings.create({ sdk,
title, req,
description: `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`, url,
request: req, isOpenID,
reporter: "PKCE Checker", title,
}); `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`
);
return true; return true;
} }
@ -133,5 +135,6 @@ export class PKCECheck {
request: req, request: req,
reporter: "PKCE Checker", reporter: "PKCE Checker",
}); });
await sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker");
} }
} }

15
packages/backend/src/controller/accessTokenDetector.ts
View file

@ -1,5 +1,6 @@
import type { Request, Response } from "caido:utils"; import type { Request, Response } from "caido:utils";
import type { SDK, DefineAPI } from "caido:plugin"; import type { SDK, DefineAPI } from "caido:plugin";
import { sendReport } from "../utils/controlTower";
// 토큰 누출 검사 결과를 담는 구조 // 토큰 누출 검사 결과를 담는 구조
export interface TokenLeakResult { export interface TokenLeakResult {
@ -21,6 +22,13 @@ export class AccessTokenLeakController {
request, request,
reporter: "AccessTokenLeak", reporter: "AccessTokenLeak",
}); });
await sendReport(
sdk,
result.title,
result.description,
request,
"AccessTokenLeak"
);
} }
} }
@ -33,6 +41,13 @@ export class AccessTokenLeakController {
request, request,
reporter: "AccessTokenLeak", reporter: "AccessTokenLeak",
}); });
await sendReport(
sdk,
result.title,
result.description,
request,
"AccessTokenLeak"
);
} }
} }

9
packages/backend/src/controller/csrfCheck.ts
View file

@ -1,6 +1,7 @@
import type { Request, Response } from "caido:utils"; import type { Request, Response } from "caido:utils";
import type { SDK, DefineAPI } from "caido:plugin"; import type { SDK, DefineAPI } from "caido:plugin";
import { HttpUtils } from "../utils/http"; import { HttpUtils } from "../utils/http";
import { sendReport } from "../utils/controlTower";
const httpUtils = new HttpUtils(); const httpUtils = new HttpUtils();
@ -269,6 +270,14 @@ export class CsrfCheck {
request, request,
reporter: "csrf reporter", reporter: "csrf reporter",
}); });
await sendReport(
sdk,
"CSRF Vulnerability Detected",
`A CSRF vulnerability was detected in the request.\n\nRequest: ${request.getMethod()} ${request.getUrl()}\n\nDetails: ${result}`,
request,
"csrf reporter"
);
} }
} catch (error) { } catch (error) {
sdk.console.error(`Error creating finding: ${error}`); sdk.console.error(`Error creating finding: ${error}`);

8
packages/backend/src/controller/redirect_uriBypass.ts
View file

@ -1,5 +1,6 @@
import type { Request, Response } from "caido:utils"; import type { Request, Response } from "caido:utils";
import type { SDK } from "caido:plugin"; import type { SDK } from "caido:plugin";
import { sendReport } from "../utils/controlTower";
export class RedirectBypassController { export class RedirectBypassController {
// redirect_uri를 확인하는 함수 // redirect_uri를 확인하는 함수
@ -54,6 +55,13 @@ export class RedirectBypassController {
request: req, request: req,
reporter: "gyu", reporter: "gyu",
}); });
await sendReport(
sdk,
"Redirect URI Bypass Detected",
`A redirect URI bypass was detected.\nRedirect URI: ${result.redirectUri}`,
req,
"gyu"
);
} }
} }
} }

1
packages/backend/src/index.ts
View file

@ -40,6 +40,7 @@ export function init(sdk: SDK<API>) {
await tokenCheck.testReq(sdk, req); await tokenCheck.testReq(sdk, req);
await pkceCheckController.test(sdk, req); await pkceCheckController.test(sdk, req);
}); });
/* /*
sdk.events.onInterceptRequest(async (sdk, req: Request) => { sdk.events.onInterceptRequest(async (sdk, req: Request) => {
const result = const result =

24
packages/backend/src/utils/controlTower.ts Normal file
View file

@ -0,0 +1,24 @@
import type { SDK } from "caido:plugin";
import { Body, RequestSpec, type Request } from "caido:utils";
export async function sendReport(
sdk: SDK,
title: string,
description: string,
request: Request,
reporter: string
) {
const spec = new RequestSpec("http://192.168.0.9:4020/report");
spec.setMethod("POST");
spec.setHeader("Content-Type", "application/json");
const body = new Body(JSON.stringify({
title,
description,
request: request.toSpec(),
reporter
}));
spec.setBody(body);
return await sdk.requests.send(spec);
}