SOme new bambdas

NetSPI · Jul 11, 2024 · 9a1d3c5 · 9a1d3c5
1 parent 2f2e277
commit 9a1d3c5
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 0 deletions.
diff --git a/CustomColumn/Proxy/HTTP/BadCSP.bambda b/CustomColumn/Proxy/HTTP/BadCSP.bambda
@@ -0,0 +1,19 @@
+if (requestResponse.response() != null) {
+    if(!requestResponse.response().hasHeader("Content-Security-Policy")) {
+        return "No CSP";
+    }
+
+    String csp = requestResponse.response().headerValue("Content-Security-Policy");
+    ArrayList<String> vulnerableDirectives = new ArrayList<>();
+    String[] directivesToCheck = new String[]{"unsafe-inline", "unsafe-eval"};
+
+    for(int i=0;i<directivesToCheck.length;i++) {
+        if(csp.contains(directivesToCheck[i])) {
+            vulnerableDirectives.add(directivesToCheck[i]);
+        }
+    }
+
+    return String.join(", ", vulnerableDirectives);
+} else {
+    return false;
+}
diff --git a/...r/Proxy/HTTP/Attack Vectors - IDOR.bambda → Filter/Proxy/HTTP/Attack Vectors - IDOR.kts b/...r/Proxy/HTTP/Attack Vectors - IDOR.bambda → Filter/Proxy/HTTP/Attack Vectors - IDOR.kts
diff --git a/Filter/Proxy/HTTP/JSONPForCSPBypass.bambda → Filter/Proxy/HTTP/CSP Bypass - JSONP.bambda b/Filter/Proxy/HTTP/JSONPForCSPBypass.bambda → Filter/Proxy/HTTP/CSP Bypass - JSONP.bambda
diff --git a/Filter/Proxy/HTTP/CSP Misconfigured.bambda b/Filter/Proxy/HTTP/CSP Misconfigured.bambda
@@ -0,0 +1,36 @@
+StringBuilder cspNotes = new StringBuilder();
+
+// Only show reqs in scope
+if (!requestResponse.request().isInScope()) {
+    return false;
+}
+
+if(requestResponse.response() == null) {
+    return false;
+}
+
+// Check if no CSP
+if(!requestResponse.response().hasHeader("Content-Security-Policy")) {
+    cspNotes.append("No CSP in response").append("\n");
+    requestResponse.annotations().setNotes(cspNotes.toString());
+    return true;
+}
+
+// Check if bad directives in CSP
+String csp = requestResponse.response().headerValue("Content-Security-Policy");
+ArrayList<String> vulnerableDirectives = new ArrayList<>();
+String[] directivesToCheck = new String[]{"unsafe-inline", "unsafe-eval"};
+
+for(int i=0;i<directivesToCheck.length;i++) {
+    if(csp.contains(directivesToCheck[i])) {
+        vulnerableDirectives.add(directivesToCheck[i]);
+    }
+}
+
+String.join(", ", vulnerableDirectives);
+cspNotes.append(vulnerableDirectives).append("\n");
+
+if (cspNotes.length() > 0) {
+    requestResponse.annotations().setNotes(cspNotes.toString());
+}
+return cspNotes.length() > 0;
diff --git a/Filter/Proxy/HTTP/HSTS Misconfigured.bambda b/Filter/Proxy/HTTP/HSTS Misconfigured.bambda
@@ -0,0 +1,22 @@
+StringBuilder hstsNotes = new StringBuilder();
+
+// Only show reqs in scope
+if (!requestResponse.request().isInScope()) {
+    return false;
+}
+
+if(requestResponse.response() == null) {
+    return false;
+}
+
+// Check if no HSTS
+if(!requestResponse.response().hasHeader("Strict-Transport-Security")) {
+    hstsNotes.append("No HSTS in response").append("\n");
+    requestResponse.annotations().setNotes(hstsNotes.toString());
+    return true;
+}
+
+if (hstsNotes.length() > 0) {
+    requestResponse.annotations().setNotes(hstsNotes.toString());
+}
+return hstsNotes.length() > 0;