
Added Ignore Image Files Option
Added the configuration option to ignore the content-types related to the following image files: gif, png, jpeg, svg+xml.
alp1n3-eth committed Sep 14, 2024
1 parent 26c1c1f commit 03932e9
Showing 1 changed file with 105 additions and 55 deletions.
160 changes: 105 additions & 55 deletions other/uuid-detected-guid-versions.bcheck
Expand Up @@ -2,15 +2,24 @@ metadata:
language: v1-beta
name: "UUID detected"
description: "This bcheck template passively identifies and reports the use of various UUID versions within application."
author: "vavkamil"
author: "vavkamil, alp1n3.eth"
tags: "passive", "guid", "uuid"

define:
# Modify config based on the application you are testing :)
config_check_request = "False" # It will return a lot of noise, like cookies
config_check_response = "True" # It will return a lot of noise, like response headers
config_request_url = "False" # It will identify GET/POST/PUT/PATCH requests from Frontend with no UUID in response
config_request_body = "False" # It will identify POST/PUT/PATCH requests from Frontend with no UUID in response
# Request config
config_check_request = "False"
# It will return a lot of noise, like cookies
config_request_url = "False"
# It will identify GET/POST/PUT/PATCH requests from Frontend with no UUID in response
config_request_body = "False"
# It will identify POST/PUT/PATCH requests from Frontend with no UUID in response
# Response config
config_check_response = "True"
# It will return a lot of noise, like response headers
config_ignore_response_images = "True"
# It will ignore responses that contain popular image headers in their Content-Type header
# Current files ignored: gif, png, jpeg, svg+xml
####################################################################################################
references = "References
- https://www.intruder.io/research/in-guid-we-trust
Expand Down Expand Up @@ -63,38 +72,79 @@ An attacker might be able to generate UUID using predictable data."
given response then
# Check UUID anywhere in response
if {config_check_response} matches "True" then
# UUID v1 - RFC 4122 variant
# Example: 0f9a9c50-79b9-11ee-b962-0242ac120002
if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: high
confidence: firm
detail: `{issueDetail_uuid_v1}`
remediation: `{issueRemediation}`
# UUID v3 - RFC 4122 variant
# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
else if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[3][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
confidence: firm
detail: `{issueDetail_uuid_v3}`
remediation: `{issueRemediation}`
# UUID v4 - RFC 4122 variant
# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
else if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: info
confidence: firm
detail: `{issueDetail_uuid_v4}`
remediation: `{issueRemediation_ok}`
# UUID v5 - RFC 4122 variant
# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
else if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
confidence: firm
detail: `{issueDetail_uuid_v5}`
remediation: `{issueRemediation}`
if {config_ignore_response_images} matches "True" then
if not("image/gif" in {base.response.headers}) or
not("image/png" in {base.response.headers}) or
not("image/jpeg" in {base.response.headers}) or
not("image/svg+xml" in {base.response.headers}) then
# UUID v1 - RFC 4122 variant
# Example: 0f9a9c50-79b9-11ee-b962-0242ac120002
if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: high
confidence: firm
detail: `{issueDetail_uuid_v1}`
remediation: `{issueRemediation}`
# UUID v3 - RFC 4122 variant
# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
else if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[3][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
confidence: firm
detail: `{issueDetail_uuid_v3}`
remediation: `{issueRemediation}`
# UUID v4 - RFC 4122 variant
# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
else if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: info
confidence: firm
detail: `{issueDetail_uuid_v4}`
remediation: `{issueRemediation_ok}`
# UUID v5 - RFC 4122 variant
# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
else if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
confidence: firm
detail: `{issueDetail_uuid_v5}`
remediation: `{issueRemediation}`
end if
end if
else then
# UUID v1 - RFC 4122 variant
# Example: 0f9a9c50-79b9-11ee-b962-0242ac120002
if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: high
confidence: firm
detail: `{issueDetail_uuid_v1}`
remediation: `{issueRemediation}`
# UUID v3 - RFC 4122 variant
# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
else if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[3][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
confidence: firm
detail: `{issueDetail_uuid_v3}`
remediation: `{issueRemediation}`
# UUID v4 - RFC 4122 variant
# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
else if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: info
confidence: firm
detail: `{issueDetail_uuid_v4}`
remediation: `{issueRemediation_ok}`
# UUID v5 - RFC 4122 variant
# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
else if {base.response} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
confidence: firm
detail: `{issueDetail_uuid_v5}`
remediation: `{issueRemediation}`
end if
end if
end if

Expand All @@ -108,24 +158,24 @@ given response then
confidence: firm
detail: `{issueDetail_uuid_v1}`
remediation: `{issueRemediation}`
# UUID v3 - RFC 4122 variant
# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
# UUID v3 - RFC 4122 variant
# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
else if {base.request} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[3][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
confidence: firm
detail: `{issueDetail_uuid_v3}`
remediation: `{issueRemediation}`
# UUID v4 - RFC 4122 variant
# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
# UUID v4 - RFC 4122 variant
# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
else if {base.request} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: info
confidence: firm
detail: `{issueDetail_uuid_v4}`
remediation: `{issueRemediation_ok}`
# UUID v5 - RFC 4122 variant
# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
# UUID v5 - RFC 4122 variant
# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
else if {base.request} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
Expand All @@ -145,24 +195,24 @@ given response then
confidence: firm
detail: `{issueDetail_uuid_v1}`
remediation: `{issueRemediation}`
# UUID v3 - RFC 4122 variant
# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
# UUID v3 - RFC 4122 variant
# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
else if {base.request.url} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[3][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
confidence: firm
detail: `{issueDetail_uuid_v3}`
remediation: `{issueRemediation}`
# UUID v4 - RFC 4122 variant
# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
# UUID v4 - RFC 4122 variant
# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
else if {base.request.url} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: info
confidence: firm
detail: `{issueDetail_uuid_v4}`
remediation: `{issueRemediation_ok}`
# UUID v5 - RFC 4122 variant
# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
# UUID v5 - RFC 4122 variant
# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
else if {base.request.url} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
Expand All @@ -182,24 +232,24 @@ given response then
confidence: firm
detail: `{issueDetail_uuid_v1}`
remediation: `{issueRemediation}`
# UUID v3 - RFC 4122 variant
# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
# UUID v3 - RFC 4122 variant
# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
else if {base.request.body} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[3][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
confidence: firm
detail: `{issueDetail_uuid_v3}`
remediation: `{issueRemediation}`
# UUID v4 - RFC 4122 variant
# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
# UUID v4 - RFC 4122 variant
# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
else if {base.request.body} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: info
confidence: firm
detail: `{issueDetail_uuid_v4}`
remediation: `{issueRemediation_ok}`
# UUID v5 - RFC 4122 variant
# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
# UUID v5 - RFC 4122 variant
# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
else if {base.request.body} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
report issue:
severity: low
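Review bot: The image-ignore guard added in the second hunk (the `if not("image/gif" in {base.response.headers}) or ...` condition under `if {config_ignore_response_images} matches "True" then`) is always true, because the four `not(... in ...)` clauses are joined with `or` and a single response carries at most one of those Content-Types, so the new option never suppresses anything and image responses are still scanned for UUIDs exactly as before. Joining the clauses with `and` gives the intended "none of these" test: `if not("image/gif" in {base.response.headers}) and` followed by `and` on the png and jpeg lines, leaving the svg+xml line as the last operand before `then`. Note that `in {base.response.headers}` scans every response header rather than only Content-Type, so the config comment "popular image headers in their Content-Type header" slightly overstates the check; presumably acceptable, but worth saying in the comment. Separately, the four `report issue` branches are now duplicated verbatim in the `if` and the `else then` arms; if BCheck allows grouping the image condition into a single guard, the else arm could be dropped, but I can't confirm its expression grouping from here.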
