whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
caido-plugin-test/packages/backend/src/index.ts
gyuu04 78042ef305 [Add] RedirectBypassController 및 실행 로직 추가 
- redirect_uri 우회 탐지용 RedirectBypassController 클래스 추가
- index.ts에 testAsync 연결 로직 삽입
2025-06-03 12:44:48 +09:00

61 lines
2.3 KiB
TypeScript
Raw Blame History

import type { SDK, DefineAPI } from "caido:plugin";
import type { Request, Response } from "caido:utils";
// import { ImplicitGrantController } from "./controller/implictGrant";
// import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
import { CsrfCheck } from "./controller/csrfCheck";
import { PKCECheck } from "./controller/PKCECheck";
import { AccessTokenLeakController } from "./controller/accessTokenDetector";
import { ScopeDetection } from "./controller/scopeDetection";
// import { NonceCheckController } from "./controller/nonceCheck";
import { RedirectBypassController } from "./controller/redirect_uriBypass";
export type API = DefineAPI<{}>;
const csrfCheck = new CsrfCheck();
const pkceCheckController = new PKCECheck();
const tokenCheck = new AccessTokenLeakController();
const ScopeDetectionController = new ScopeDetection();
// const nonceCheckController = new NonceCheckController();
const redirectBypassController = new RedirectBypassController();
export function init(sdk: SDK<API>) {
sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
await csrfCheck.checker(sdk, req, res);
//await pkceCheckController.test(sdk, req);
await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, res, req);
await ScopeDetectionController.scan(sdk, req.getUrl());
await redirectBypassController.testAsync(sdk, req, res);
// if (NonceCheckController.isOidcFlow(req, res)) {
// await sdk.findings.create({
// title: "OIDC Flow Detected",
// description: "The request appears to be part of an OIDC flow.",
// request: req,
// reporter: "",
// });
// }
});
sdk.events.onInterceptRequest(async (sdk, req: Request) => {
await pkceCheckController.test(sdk, req);
});
/*
sdk.events.onInterceptRequest(async (sdk, req: Request) => {
const result =
authZCodeGrantController.testReq(req) ||
implicitGrantController.testReq(req);
if (result) {
await pkceCheckController.test(sdk, req);
await sdk.findings.create({
title: "Possible SSO Request Detected",
description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
request: req,
reporter: "",
});
}
});
*/
}
Reference in a new issue View git blame Copy permalink