diff --git a/CHANGELOG.md b/CHANGELOG.md
index 861dd2a..3a66513 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
+## 0.0.3 - Usable Alpha (2025-01-07)
+- Added new alert - Possible Sink - Client Side Redirection (meta tag)
+- Added new alert - Possible Detection - Oauth Implicit Flow being Utilised
+- Added new alert - Possible Detection - UUIDv1 still in use
+- Added new alert - Possible Detection - Oauth CSRF (state param missing)
+- Improved performance by reducing certain assignments and checks
+- Added text badge to the extension icon to show number of alerts
 ## 0.0.2 - Still Alpha (2024-12-02)
 - Improved API rules detection
 - Improved Possible Code Sink detection - LFI
diff --git a/src/alert.js b/src/alert.js
index d3c4dd6..b4174a4 100755
--- a/src/alert.js
+++ b/src/alert.js
@@ -35,6 +35,14 @@ const alertJson = {
 "detectDuringTesting": true,
 "include": ["html", "json"]
 },
+"Possible Sink - Client Side Redirection (meta tag)": { // could be utilised for csrf (samsite attribute doesn't affect here) when reflected url is found
+"variables": {
+"keywords": "//igm"
+},
+"check": "keywords.test(responseBody)",
+"severity": "Medium",
+"include": ["html"]
+},
 // "Possible Sink - Client Side Path Traversal":{
 // "variables": {
 // "keywords": "/\\.\\.\\//igm"
@@ -58,6 +66,14 @@ const alertJson = {
 "severity": "Medium",
 "include": ["html","js"]
 },
+"Insight - UUIDv1 still in use": {
+"variables": {
+"keywords": "/[0-9a-f]{8}-[0-9a-f]{4}-11e[0-9a-f]{1}-[0-9a-f]{4}-[0-9a-f]{12}/igm"
+},
+"check": "keywords.test(requestUrl) || keywords.test(requestBody) || keywords.test(responseBody)",
+"severity": "Medium",
+"include": ["html","json"]
+},
 // "Insight - Possible response manipulation": {},
 "Possible Detection - ClickJacking" : {
 "variables": {
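Review bot: The `keywords` pattern of "Possible Sink - Client Side Redirection (meta tag)" reads `//igm` here, an empty regular expression, so `keywords.test(responseBody)` is true for every HTML response and the alert fires on every page. If the angle-bracketed meta-refresh expression was stripped when this page was rendered the committed line may be fine; otherwise the intended `<meta …>` pattern is missing and the rule cannot ship as is. Separately, every rule added in this commit compiles with the `g` flag and is evaluated through `.test()`; if the compiled RegExp object is reused across requests (not visible here), a successful match leaves `lastIndex` set and the next `.test()` starts mid-string, producing intermittent false negatives. `.test()` only needs a boolean, so `im` without `g` is the safer flag set here and in the UUIDv1 and two OAuth rules below.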
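Review bot: The UUIDv1 pattern in "Insight - UUIDv1 still in use" fixes the third group to `11e[0-9a-f]{1}`, which only matches version-1 UUIDs whose time_hi field begins with `1e`; by my arithmetic on the 100 ns Gregorian timestamp that field rolls over to `1f0` around March 2025, so UUIDs generated after that (and before roughly 2010) are silently missed by a rule whose whole purpose is to flag them. The version nibble alone is what identifies v1, so `"keywords": "/[0-9a-f]{8}-[0-9a-f]{4}-1[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}/igm"` covers every v1 UUID without the date window. A short comment on that line noting that the leading `1` of the third group is the UUID version nibble would keep the next maintainer from narrowing it again.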
@@ -87,6 +103,28 @@ const alertJson = {
 "severity": "High",
 "include": ["html"]
 },
+"Possible Detection - Oauth CSRF (state param missing)": {
+"variables": {
+"keywords": "/state=/igm",
+"url_contains": "/oauth|authorize/igm",
+"oauth_redirect_uri": "/redirect_uri=/igm",
+"oauth_response_type": "/response_type=code/igm",
+"oauth_client_id": "/client_id=/igm",
+},
+"check": "url_contains.test(requestUrl) && oauth_redirect_uri.test(requestUrl) && oauth_response_type.test(requestUrl) && oauth_client_id.test(requestUrl) && !keywords.test(requestUrl)",
+"severity": "Low",
+"include": ["html"]
+},
+"Possible Detection - Oauth Implicit Flow being Utilised": {
+"variables": {
+"keywords": "/response_type=(token|access_?-?token)/igm",
+"url_contains": "oauth|authorize",
+"oauth_redirect_uri": "redirect_uri=",
+},
+"check": "url_contains.test(requestUrl) && oauth_redirect_uri.test(requestUrl) && oauth_response_type.test(requestUrl) && !keywords.test(requestUrl)",
+"severity": "High",
+"include": ["html"]
+},
 // "Possible Detection - Open Redirect (DOM based)": {
 // "variables": {
 // "keywords": "window\\.location\\.href"
diff --git a/src/background.js b/src/background.js
index 1456338..43057f6 100755
--- a/src/background.js
+++ b/src/background.js
@@ -361,7 +361,9 @@ function parseRequestBody(details) {
 }
 // Periodically clean up old HTTP details
-setInterval(() => {
+setInterval(async () => {
+alerts = await getLocalStorageValue('alerts');
+chrome.action.setBadgeText({text: alerts.length.toString()});
 console.log("httpdetails int: ", httpDetails)
 Object.keys(httpDetails).forEach(async requestId => {
 if (alreadySentHttpDetails.includes(requestId)) return;
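Review bot: The `check` of "Possible Detection - Oauth Implicit Flow being Utilised" references `oauth_response_type`, which that rule's `variables` never defines, and it negates `keywords` (`!keywords.test(requestUrl)`), so as written the rule either fails to evaluate or fires when the implicit flow is absent rather than present — the condition looks copied from the CSRF rule above it. The intended check is presumably `"check": "url_contains.test(requestUrl) && oauth_redirect_uri.test(requestUrl) && keywords.test(requestUrl)"`. In the same rule `url_contains` and `oauth_redirect_uri` are bare strings (`oauth|authorize`, `redirect_uri=`) while every other rule in the file wraps patterns as `/…/igm`; if the loader only builds a RegExp from the slash form these have no `.test` and the check throws, so `"url_contains": "/oauth|authorize/igm"` and `"oauth_redirect_uri": "/redirect_uri=/igm"` keep it consistent. For the CSRF rule, `/state=/` also matches an unrelated parameter such as `my_state=` and would then stay silent on a request that really lacks `state`; anchoring on a separator, e.g. `/[?&]state=/igm`, avoids that miss.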
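Review bot: `alerts = await getLocalStorageValue('alerts');` is followed by `alerts.length.toString()` with no guard, so on a fresh install or whenever the stored value is missing or not an array the callback throws before `console.log(...)` and the cleanup loop below never runs for that tick; since the callback is now `async`, the throw surfaces as an unhandled rejection every interval and `httpDetails` is never pruned. A defensive form is `const stored = await getLocalStorageValue('alerts');` / `alerts = Array.isArray(stored) ? stored : [];` / `chrome.action.setBadgeText({ text: String(alerts.length) });`, with the storage read and badge update wrapped in a `try/catch` that logs and falls through to the cleanup. `alerts` is assigned without a declaration inside the hunk — presumably a module-level `let` elsewhere in the file; if not, this creates an implicit global. The comment `// Periodically clean up old HTTP details` no longer describes the callback, which now also refreshes the badge count; `// Periodically refresh the alert-count badge and clean up old HTTP details` would. The callback body continues past the end of the hunk.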