release

Signed-off-by: divyansh jain <[email protected]>

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.0.3 - Usable Alpha (2025-01-07)
+- Added new alert - Possible Sink - Client Side Redirection (meta tag)
+- Added new alert - Possible Detection - Oauth Implicit Flow being Utilised
+- Added new alert - Possible Detection - UUIDv1 still in use
+- Added new alert - Possible Detection - Oauth CSRF (state param missing)
+- Improved performance by reducing certain assignments and checks
+- Added text badge to the extension icon to show number of alerts
+
 ## 0.0.2 - Still Alpha (2024-12-02)
 - Improved API rules detection
 - Improved Possible Code Sink detection - LFI

src/alert.js

@@ -35,6 +35,14 @@ const alertJson = {
         "detectDuringTesting": true,
         "include": ["html", "json"]
     },
+    "Possible Sink - Client Side Redirection (meta tag)": { // could be utilised for csrf (samsite attribute doesn't affect here) when reflected url is found 
+        "variables": {
+            "keywords": "/<meta http-equiv=.*refresh.*content=.*?>/igm"
+        },
+        "check": "keywords.test(responseBody)",
+        "severity": "Medium",
+        "include": ["html"]
+    },
     // "Possible Sink - Client Side Path Traversal":{
     //     "variables": {
     //         "keywords": "/\\.\\.\\//igm"
@@ -58,6 +66,14 @@ const alertJson = {
         "severity": "Medium",
         "include": ["html","js"]
     },
+    "Insight - UUIDv1 still in use": {
+        "variables": {
+            "keywords": "/[0-9a-f]{8}-[0-9a-f]{4}-11e[0-9a-f]{1}-[0-9a-f]{4}-[0-9a-f]{12}/igm"
+        },
+        "check": "keywords.test(requestUrl) || keywords.test(requestBody) || keywords.test(responseBody)",
+        "severity": "Medium",
+        "include": ["html","json"]
+    },
     // "Insight - Possible response manipulation": {},
     "Possible Detection - ClickJacking" : {
         "variables": {
@@ -87,6 +103,28 @@ const alertJson = {
         "severity": "High",
         "include": ["html"]
     },
+    "Possible Detection - Oauth CSRF (state param missing)": {
+        "variables": {
+            "keywords": "/state=/igm",
+            "url_contains": "/oauth|authorize/igm",
+            "oauth_redirect_uri": "/redirect_uri=/igm",
+            "oauth_response_type": "/response_type=code/igm",
+            "oauth_client_id": "/client_id=/igm",
+        },
+        "check": "url_contains.test(requestUrl) && oauth_redirect_uri.test(requestUrl) && oauth_response_type.test(requestUrl) && oauth_client_id.test(requestUrl) && !keywords.test(requestUrl)",
+        "severity": "Low",
+        "include": ["html"]
+    },
+    "Possible Detection - Oauth Implicit Flow being Utilised": {
+        "variables": {
+            "keywords": "/response_type=(token|access_?-?token)/igm",
+            "url_contains": "oauth|authorize",
+            "oauth_redirect_uri": "redirect_uri=",
+        },
+        "check": "url_contains.test(requestUrl) && oauth_redirect_uri.test(requestUrl) && oauth_response_type.test(requestUrl) && !keywords.test(requestUrl)",
+        "severity": "High",
+        "include": ["html"]
+    },
     // "Possible Detection - Open Redirect (DOM based)": {
     //     "variables": {
     //         "keywords": "window\\.location\\.href"

src/background.js

@@ -361,7 +361,9 @@ function parseRequestBody(details) {
 }
 
 // Periodically clean up old HTTP details
-setInterval(() => {
+setInterval(async () => {
+    alerts = await getLocalStorageValue('alerts');
+    chrome.action.setBadgeText({text: alerts.length.toString()});
     console.log("httpdetails int: ", httpDetails)
     Object.keys(httpDetails).forEach(async requestId => {
         if (alreadySentHttpDetails.includes(requestId)) return;