Basic query checker
abdurahman-ctis committed Nov 30, 2019
1 parent 83b0978 commit ba94274
Showing 4 changed files with 190 additions and 1 deletion.
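--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 env/
-.idea/
+.idea/
+__pycache__/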
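--- a/app.py
+++ b/app.py
@@ -0,0 +1,83 @@
+import json
+from time import time
+from urllib.parse import urlparse
+
+import firebase_admin
+from firebase_admin import credentials
+from firebase_admin import db
+from flask import Flask, request
+from flask_restful import Resource, Api
+from flask_socketio import SocketIO
+
+cred = credentials.Certificate('ids-hackathor-636a3e9f4e4c.json')
+firebase_admin.initialize_app(cred, {
+'databaseURL': 'https://ids-hackathor.firebaseio.com/'
+})
+ref = db.reference('')
+
+with open('payloads.json', encoding="utf8") as f:
+loaded = json.load(f)
+XSS = loaded['XSS']
+TRAVERS = loaded['TRAVERS']
+
+app = Flask(__name__)
+api = Api(app)
+app.config['SECRET_KEY'] = 'secret!'
+socketio = SocketIO(app)
+DOMAIN = "bilkent.com"
+
+
+def send_ref(ip, param, val, type):
+ref.push({
+"ip": ip,
+"type": type,
+"query_key": param,
+"query_val": val,
+"timestamp": time()
+})
+
+
+def not_same_domain(url):
+url = urlparse(url).netloc
+index = url.find("@")
+if index != -1:
+url = url[index + 1:]
+return url != DOMAIN
+
+
+class AnalyzeQuery(Resource):
+def get(self):
+return db.reference('').get()
+
+def post(self):
+params = request.get_json(force=True)
+ip = request.remote_addr
+for param, val in params.items():
+# XSS
+for pload in XSS:
+if pload in val:
+send_ref(ip, param, val, 'xss')
+break
+# SQLi
+if "'" in val and ('and' in val.lower() or 'or' in val.lower()) or '--' in val:
+send_ref(ip, param, val, 'sqli')
+# CRLF
+if '%0d' in val.lower() or '%0a' in val.lower():
+send_ref(ip, param, val, 'csrf')
+# OPEN Redirect
+if len([i for i in ['url', 'redirect', 'next'] if i in param.lower()]) > 0 \
+and not_same_domain(val):
+send_ref(ip, param, val, 'open_redirect')
+# Path Traversal
+for pload in TRAVERS:
+if pload in val:
+send_ref(ip, param, val, 'path_traversal')
+break
+
+return params
+
+
+api.add_resource(AnalyzeQuery, '/api/query')
+
+if __name__ == '__main__':
+socketio.run(app)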
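Review bot: `AnalyzeQuery.get` (`return db.reference('').get()`) hands the entire Firebase database to any unauthenticated caller, so every recorded client IP and captured payload is readable by whoever finds `/api/query`; gate it behind an authentication check or drop it before this is deployed. The same file hard-codes `app.config['SECRET_KEY'] = 'secret!'` and reads its Firebase credential from a file checked into the repository — both should come from the environment or a secrets store rather than source. In `post`, `pload in val` and `val.lower()` assume every JSON value is a string, so a numeric or nested value raises `TypeError` and the request fails with a 500; coerce with `val = str(val)` or skip non-string values at the top of the loop. `not_same_domain` returns True for relative targets such as `/home` because `urlparse` yields an empty netloc there, so every relative `next=` value is logged as an open redirect. The CRLF branch also records the detection as `'csrf'`, which reads like a typo for `'crlf'`.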
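--- a/ids-hackathor-636a3e9f4e4c.json
+++ b/ids-hackathor-636a3e9f4e4c.json
@@ -0,0 +1,12 @@
+{
+"type": "service_account",
+"project_id": "ids-hackathor",
+"private_key_id": "636a3e9f4e4c784b20b6386626af59e828ffbd1b",
+"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCguN9j9FBhhif6\n/JUNN/idi3dC35jQiTt/4uU7S1fDm1IwbuKGgDlDeoPAS0ayN4JBHmflxgBJbMg0\neSsZJURRoRVNZM8E2wpiMsvfItBTEoYX7eAHMvG6qR6XXKWhV8tUi5VB/6fBUZPd\nPMOQMWTj00CZD7XNKzFcx+syYbDyO2QnsHgmKh32kq1Cl2zZGtQOpuxRLKLmYaXv\n2mKuzMz3bcVyCWnElUsrlpI8tgNd7UcGMV2ciwC7tQ76EyiHpIicjuWPpctjNpGV\nijcm0o5IqCTV1J1AUU4NKn3p8tpkp6ucHxEU6wY+qIKgEYArPbOc0L4qV/2dx/Oh\ndyg5II3xAgMBAAECggEABnxXXwfGC51xW3tAXFnYt92fwl+jOzBI6dXJftPndrUI\nnMkIup+ngx3WF1cvHLRJPRP7SNlgrxXYJ85UJMEtSXPMGB6vWcIpRqh6miZ9piO+\nX6GH7Uc+XBQ38A87MgoIyKb5iIHtOz7UJ8G5OZMiTJN8jQCsvmeip9x7oc5ktW2l\nCaoULYwNRGU+nTlE+cWJ23KCKIQcpLvHABHrJUDHE4XWotA02F9iniNiELQNVdrR\n+sVnot5/rk3FLvEApU6VIrDGXzT15AOswg6nIiWCeEVqhUBIbVNLFHLti8xlVtXa\nZPQLSpxev1QZgFs0z67VDZwhGKetswLSzfzpGU7RHQKBgQDTVSn7TJNCF4Zoa7g/\ni8XcfRw+4thr591ZkV2MhZZb95OwqyD0qGAG9jbcJDWw6EQ+ZKQ5uMw/xN823EbW\nCLxrzX7EMujdzoTTuLdMZxUMocm/+RH5zgnlHlNtPkhCePmWvocako2HKsvn1Ohp\nvDc7KIFQ1vfVDY3Rc3fEyexO/QKBgQDCsUN29QxgZjoUBFNP1gfFkXourgLeYnl2\nlV73uVlpgJVuKUQ1L59/6Xa/yp1tBoZLQ3z707O+K9ol7qEWj8Qw6qjR9ugtnHEL\nMnw79W95nBO0+zt8FQt55dUJo/FNNnt6EskvkmdaxyxAw9KHMPfK0lBMMptP4R/z\n4SgtELn/BQKBgDadltjsJE57V/AajqZVkA/4gVk7NOVGKe1g5QVQ7Nfdttx8jWrN\nLOv/q5PfA8UxcZmSVuLYAGkmju1VpjTgUxmlJPK9mXLhUXCKF0z2gvkdws8LJnsh\npWsCGFtuMiyDqTUtDitu3oalJ8dFPb89tiRixnDG7YuxEgqkRbqk2J5dAoGAY3jG\nC2UwKaCRU+DR4BxuZBbr4iWt+Yk+ncO7fb4JXMoBjwMugi4Ow/+4WE1hGW8X9iRJ\nGzESyLsG/hJp42kYyBVco8oO3h7r8ticeNXxWqTPvMwPnFn0PxeaPQ6yHs0TUU9/\n0vpuLAdPKNfkHIZ8U/gYZpYEnE9dT/Fd4YiGPzECgYEAukgf0UxBKpswolBeLJtv\nfnTziH+z/08+GXWLW6ICGCvgos7ITkuK+Mdb6c8cdP+2ce4DWUDfGW5ZDQoueoxF\n0OZ6agC51nVItSZ7aKKx59Fc/M9gtux9+CNpeA9ICcG9LYL0V33L0IMQWgX9hKGd\nrxmwR+X1+0hCrbBaKJ7f2Rs=\n-----END PRIVATE KEY-----\n",
+"client_email": "firebase-adminsdk-hvuk3@ids-hackathor.iam.gserviceaccount.com",
+"client_id": "112181956225570280698",
+"auth_uri": "https://accounts.google.com/o/oauth2/auth",
+"token_uri": "https://oauth2.googleapis.com/token",
+"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-hvuk3%40ids-hackathor.iam.gserviceaccount.com"
+}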
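Review bot: This file is a Google service-account credential with its private key in cleartext, committed to the repository; once pushed it has to be treated as compromised, so revoke it in the Firebase/GCP console and issue a new one rather than just deleting the file, because the key remains recoverable from history. Keep the replacement out of version control (add the filename to `.gitignore`) and load it at startup from a path or environment variable instead. `app.py` in the same commit references this file by name in `credentials.Certificate(...)`, so that load path would change with it.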
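--- a/payloads.json
+++ b/payloads.json
@@ -0,0 +1,93 @@
+{
+"XSS": [
+"<",
+"%3C",
+"&lt",
+"&lt;",
+"&LT",
+"&LT;",
+"&#60",
+"&#060",
+"&#0060",
+"&#00060",
+"&#000060",
+"&#0000060",
+"&#60;",
+"&#060;",
+"&#0060;",
+"&#00060;",
+"&#000060;",
+"&#0000060;",
+"&#x3c",
+"&#x03c",
+"&#x003c",
+"&#x0003c",
+"&#x00003c",
+"&#x000003c",
+"&#x3c;",
+"&#x03c;",
+"&#x003c;",
+"&#x0003c;",
+"&#x00003c;",
+"&#x000003c;",
+"&#X3c",
+"&#X03c",
+"&#X003c",
+"&#X0003c",
+"&#X00003c",
+"&#X000003c",
+"&#X3c;",
+"&#X03c;",
+"&#X003c;",
+"&#X0003c;",
+"&#X00003c;",
+"&#X000003c;",
+"&#x3C",
+"&#x03C",
+"&#x003C",
+"&#x0003C",
+"&#x00003C",
+"&#x000003C",
+"&#x3C;",
+"&#x03C;",
+"&#x003C;",
+"&#x0003C;",
+"&#x00003C;",
+"&#x000003C;",
+"&#X3C",
+"&#X03C",
+"&#X003C",
+"&#X0003C",
+"&#X00003C",
+"&#X000003C",
+"&#X3C;",
+"&#X03C;",
+"&#X003C;",
+"&#X0003C;",
+"&#X00003C;",
+"&#X000003C;",
+"\\x3c",
+"\\x3C",
+"\u003c",
+"\u003C",
+"(alert)(1)",
+"a=alert,a(1)",
+"[1].find(alert)",
+"top[“al”+”ert”](1)",
+"top[/al/.source+/ert/.source](1)",
+"al\\u0065rt(1)",
+"top[‘al\\145rt’](1)",
+"top[‘al\\x65rt’](1)",
+"top[8680439..toString(30)](1)"
+],
+"TRAVERS": [
+"../",
+"..\\",
+"..\\/",
+"%2e%2e%2f",
+"%252e%252e%252f",
+"%c0%ae%c0%ae%c0%af",
+"%uff0e%uff0e%u2215",
+"%uff0e%uff0e%u2216"
+]
+}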
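Review bot: Several XSS entries carry typographic quotes — `top[“al”+”ert”](1)`, `top[‘al\\145rt’](1)`, `top[‘al\\x65rt’](1)` — which look like copy-paste artefacts of ASCII `"`/`'` and will not match the plain-quoted form a request would actually carry, so those patterns are dead as written. `"\u003c"` and `"\u003C"` are JSON escapes that decode to a plain `<` on `json.load`, so they duplicate the first entry rather than adding a pattern; if the intent was to match the literal six-character sequence in input, they need to be written as `"\\u003c"` like the `"\\x3c"` entries above them.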
