import sys
from burp import IBurpExtender, IScannerCheck, IScanIssue
import jarray
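class BurpExtender(IBurpExtender, IScannerCheck):
    """Passive Burp scanner check that reports request cookies echoed in the response body.

    A cookie counts as reflected when its URL-decoded name or value occurs as a
    substring of the URL-decoded response body. That is a plain substring test,
    so short names or values (for example "1" or "id") can match by coincidence;
    treat findings as leads to review, not as confirmed injection points.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Store the Burp callbacks/helpers and register this object as a scanner check."""
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        print("Loaded Reflected Cookie Scanner")
        print("Github: https://github.com/alexvec/BurpSuite_CookieReflection")
        callbacks.setExtensionName("Cookie Reflection Checker")
        callbacks.registerScannerCheck(self)
        return

    def _request_cookies(self, headers):
        """Return URL-decoded (name, value) pairs from every Cookie request header.

        The header name is compared case-insensitively (HTTP/2 sends it in
        lower case). Only the first ':' separates name from value, so cookie
        values containing ':' are kept whole. Empty segments (such as a
        trailing ';') are skipped and a segment without '=' yields an empty value.
        """
        cookies = []
        for header in headers:
            header_name, separator, header_value = header.partition(":")
            if not separator or header_name.strip().lower() != "cookie":
                continue
            for cookie_pair in header_value.split(";"):
                cookie_pair = cookie_pair.strip()
                if not cookie_pair:
                    continue
                cookie_name, _, cookie_value = cookie_pair.partition("=")
                cookies.append((self._helpers.urlDecode(cookie_name),
                                self._helpers.urlDecode(cookie_value)))
        return cookies

    def _mark(self, haystack, needle, markers, start=0):
        """Append [start, end] of the first occurrence of needle at or after start, if any."""
        position = haystack.find(needle, start) if needle else -1
        if position >= 0:
            markers.append([position, position + len(needle)])

    def _merge_markers(self, markers):
        """Return markers sorted by offset with overlapping or touching ranges merged.

        Burp's applyMarkers documentation asks for markers that are in sequence
        and do not overlap; a cookie name that is a substring of another
        cookie's value would otherwise produce overlapping ranges.
        """
        merged = []
        for start, end in sorted(markers):
            if merged and start <= merged[-1][1]:
                merged[-1][1] = max(merged[-1][1], end)
            else:
                merged.append([start, end])
        return merged

    def doPassiveScan(self, baseRequestResponse):
        """Report one issue listing every request cookie reflected in the response body.

        Returns a list with a single ReflectedCookieIssue, or an empty list when
        there is no response, no cookie, or no reflection.
        """
        response_bytes = baseRequestResponse.getResponse()
        if response_bytes is None:
            # Nothing to compare against (request without a recorded response).
            return []

        headers = self._helpers.analyzeRequest(baseRequestResponse).getHeaders()
        cookies = self._request_cookies(headers)
        if not cookies:
            return []

        request = self._helpers.bytesToString(baseRequestResponse.getRequest())
        response = self._helpers.bytesToString(response_bytes)
        # Use Burp's own header/body boundary instead of splitting on a blank
        # line, which raised IndexError for responses without one.
        body_offset = self._helpers.analyzeResponse(response_bytes).getBodyOffset()
        response_body = self._helpers.urlDecode(response[body_offset:])

        reflected_cookies = []
        request_highlights = []
        response_highlights = []
        for cookie_name, cookie_value in cookies:
            # An empty string is a substring of everything; never report it.
            is_name_reflected = bool(cookie_name) and cookie_name in response_body
            is_value_reflected = bool(cookie_value) and cookie_value in response_body

            self._mark(request, cookie_name, request_highlights)
            self._mark(request, cookie_value, request_highlights)

            # The match was made on the URL-decoded body, so the raw response
            # may not contain the text verbatim; highlight only when it does,
            # and only inside the body (not in a Set-Cookie header).
            if is_name_reflected:
                self._mark(response, cookie_name, response_highlights, body_offset)
            if is_value_reflected:
                self._mark(response, cookie_value, response_highlights, body_offset)

            if is_name_reflected or is_value_reflected:
                reflected_cookies.append((cookie_name if is_name_reflected else None,
                                          cookie_value if is_value_reflected else None))

        # If there are any reflected cookie details, raise a single issue
        if reflected_cookies:
            return [ReflectedCookieIssue(
                baseRequestResponse,
                reflected_cookies,
                pylistlist_to_java_array(self._merge_markers(request_highlights)),
                pylistlist_to_java_array(self._merge_markers(response_highlights)),
                self._callbacks,
                self._helpers)]
        return []

    def consolidateDuplicateIssues(self, existingIssue, newIssue):
        """Return -1 (keep the existing issue only) when name and detail match, else 0 (keep both)."""
        if existingIssue.getIssueName() == newIssue.getIssueName() and existingIssue.getIssueDetail() == newIssue.getIssueDetail():
            return -1
        return 0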
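class ReflectedCookieIssue(IScanIssue):
    """Scan issue describing request cookies whose name or value appears in the response body.

    reflected_cookies is a list of (name, value) tuples in which an element is
    None when that part was not reflected. The highlight arguments are the
    marker lists passed to callbacks.applyMarkers().
    """

    def __init__(self, requestResponse, reflected_cookies, request_highlights, response_highlights, callbacks, helpers):
        self._callbacks = callbacks
        self._helpers = helpers
        self._requestResponse = requestResponse
        self._reflected_cookies = reflected_cookies
        self._request_highlights = request_highlights
        self._response_highlights = response_highlights

    def _escape_html(self, text):
        """Escape &, <, > and double quotes so text is shown literally in the HTML detail."""
        return (text.replace("&", "&amp;")
                    .replace("<", "&lt;")
                    .replace(">", "&gt;")
                    .replace('"', "&quot;"))

    def getUrl(self):
        return self._helpers.analyzeRequest(self._requestResponse).getUrl()

    def getIssueName(self):
        return "Cookie Reflection"

    def getIssueType(self):
        return 0x08000000  # Custom issue type

    def getSeverity(self):
        return "Information"

    def getConfidence(self):
        # NOTE(review): detection is a plain substring match, so a short cookie
        # value can match unrelated body text; confirm "Certain" is intended.
        return "Certain"

    def getIssueBackground(self):
        return "It has been observed that there is reflection of cookie details in the response body. This might be benign but in some cases could be indicative of potential issues."

    def getIssueDetail(self):
        """Build the HTML detail listing each reflected cookie name and value.

        Cookie names and values come from scanned traffic, so they are
        HTML-escaped before being placed in the markup; otherwise a value
        containing tags would alter how the issue and exported reports render.
        Reflected values may be live session tokens and will appear in any
        report generated from this issue.
        """
        parts = ["The following cookie details were reflected in the response body:<br><br>"]
        for cookie_name, cookie_value in self._reflected_cookies:
            shown_name = self._escape_html(cookie_name) if cookie_name else "Not Reflected"
            shown_value = self._escape_html(cookie_value) if cookie_value else "Not Reflected"
            parts.append("<b>Cookie Name:</b> " + shown_name)
            parts.append("<br><b>Cookie Value:</b> " + shown_value)
            parts.append("<br>")
        return "".join(parts)

    def getRemediationDetail(self):
        return None

    def getRemediationBackground(self):
        return None

    def getHttpMessages(self):
        # Return the original message with the request/response markers applied.
        return [self._callbacks.applyMarkers(self._requestResponse, self._request_highlights, self._response_highlights)]

    def getHttpService(self):
        return self._requestResponse.getHttpService()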
def pylistlist_to_java_array(pylistlist):
    """Convert each inner sequence of ints into a jarray int array ('i' typecode).

    Returns a Python list holding one jarray per inner sequence, in the same order.
    """
    java_arrays = []
    for offsets in pylistlist:
        java_arrays.append(jarray.array(offsets, 'i'))
    return java_arrays