From 4059cc7adb474c057db26e5f4a2510a96be4fc73 Mon Sep 17 00:00:00 2001
From: tk
Date: Mon, 9 Jun 2025 23:12:28 +0900
Subject: [PATCH] =?UTF-8?q?=EB=B6=88=ED=95=84=EC=9A=94=ED=95=9C=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 addon/cleintsecret_check.py | 22 +++++-----------------
 1 file changed, 5 insertions(+), 17 deletions(-)
diff --git a/addon/cleintsecret_check.py b/addon/cleintsecret_check.py
index 9f431ab..481bfe6 100644
--- a/addon/cleintsecret_check.py
+++ b/addon/cleintsecret_check.py
@@ -1,9 +1,5 @@
-# client_secret_check.py
-from mitmproxy import http, ctx
+from mitmproxy import http
 from urllib.parse import urlparse, parse_qs
-from typing import Optional, List
-import lib.target as target
-from lib.report import save_report
 
 
 class ClientSecretChecker:
@@ -29,7 +25,7 @@ class ClientSecretChecker:
         referer = flow.request.headers.get("Referer", "")
         return "client_secret" in referer
 
-    def check_client_secret_leak(self, flow: http.HTTPFlow) -> List[str]:
+    def check_client_secret_leak(self, flow: http.HTTPFlow) -> list[str]:
         messages = []
 
         if self.has_client_secret_in_uri(flow.request.url):
@@ -43,22 +39,14 @@ class ClientSecretChecker:
         return messages
 
-    def response(self, flow: http.HTTPFlow) -> None:
+    async def request(self, flow: http.HTTPFlow) -> None:
         try:
             if not self.is_oauth_uri(flow.request.url):
                 return
 
             issues = self.check_client_secret_leak(flow)
             if issues:
-                desc = " | ".join(issues)
-                report_data = [{
-                    'target': target.load(),
-                    'status': "HIGH",
-                    'title': "OAuth Client Secret Exposure",
-                    'description': desc,
-                    'uri': flow.request.url,
-                }]
-                save_report(report_data)
-                print(f"[INFO] Client Secret Check: {desc}")
+                print(f"[HIGH] OAuth Client Secret Exposure: {' | '.join(issues)}")
+                print(f"[URL] {flow.request.url}")
         except Exception as e:
             print(f"[ERROR] Client Secret Check failed: {e}")
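Review bot: The removed `from typing import Optional, List` line also drops `Optional`, and nothing in this hunk replaces it; if an `Optional[...]` annotation survives in the unchanged part of the class between this hunk and the next, the module will raise a NameError at import time and mitmproxy will refuse to load the addon. Grep the file for `Optional` before merging, or rewrite any remaining use as `X | None`, which matches the builtin-generic style the second hunk adopts. Dropping `ctx` is consistent with the switch to plain `print` in the last hunk, but `ctx.log`/`logging` would keep the output in mitmproxy's event log rather than stdout.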
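Review bot: `-> list[str]` is evaluated when the method is defined, so it requires Python 3.9+ unless the file adds `from __future__ import annotations`, which the first hunk shows it does not; on an older interpreter the class fails to define with `TypeError: 'type' object is not subscriptable`. This is fine if the mitmproxy version in use already mandates 3.9+, but the minimum should be stated in the project's requirements. The body of check_client_secret_leak continues outside the hunk.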
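Review bot: The new `print(f"[URL] {flow.request.url}")` writes the full request URL, query string included, to stdout, so when the finding comes from has_client_secret_in_uri the checker itself copies the client_secret value into the console or any captured log. Since `urlparse` is already imported, strip the query before printing, e.g. `safe = urlparse(flow.request.url)._replace(query="", fragment="").geturl()` followed by `print(f"[URL] {safe}")`, and make sure the messages joined on the previous line (built outside this hunk) do not echo the parameter value either. Separately, the handler is declared `async` but awaits nothing; recent mitmproxy accepts coroutine hooks, but a plain `def request` is equivalent and simpler here. The trailing `except Exception` also hides programming errors behind a one-line print, so `logging.exception` or a narrower exception type would preserve the traceback.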