class API_Fuzzer::RedirectCheck

Constants

ALLOWED_METHODS
REDIRECT_URL

Public Class Methods

fuzz_each_parameter(parameter)
# File lib/API_Fuzzer/redirect_check.rb, line 76
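# Replaces one request parameter with REDIRECT_URL and replays the request
# once per entry in ALLOWED_METHODS. A finding is recorded whenever the
# response's Location header contains the injected URL.
#
# parameter - key in @params whose value is swapped for REDIRECT_URL.
#
# Returns the result of ALLOWED_METHODS.each.
def fuzz_each_parameter(parameter)
  # Work on a copy: writing into @params itself would leave the payload in
  # the shared parameter set, so every later probe would carry it too.
  params = @params.dup
  params[parameter] = REDIRECT_URL
  ALLOWED_METHODS.each do |method|
    begin
      response = API_Fuzzer::Request.send_api_request(
        url: @url,
        method: method,
        cookies: @cookies,
        params: params,
        headers: @headers
      )

      # Accept either spelling of the header name; whether response.headers
      # is case-insensitive is not visible from this method.
      location = response.headers['LOCATION'] || response.headers['Location']

      # Literal substring comparison: interpolating REDIRECT_URL into a
      # regexp would let its dots match any character. The payload showing up
      # anywhere in Location (for example inside a same-site query string)
      # still counts, so a hit needs manual confirmation.
      next unless location.to_s.include?(REDIRECT_URL)

      # @url is the request target; this method has no local named url.
      @vulnerabilities << API_Fuzzer::Vulnerability.new(
        description: "Possible Open Redirect vulnerability in #{method} #{@url}",
        parameter: "Parameter: #{parameter}",
        value: "[PAYLOAD] #{params.to_s.gsub(REDIRECT_URL, 'PAYLOAD_URL')}",
        type: 'MEDIUM'
      )
    rescue StandardError => e
      # StandardError rather than Exception so Interrupt and SystemExit are
      # not swallowed. NOTE(review): a failed request is only printed, so the
      # method goes untested without any trace in the results.
      puts e.message
    end
  end
end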
fuzz_fragment(url)
# File lib/API_Fuzzer/redirect_check.rb, line 53
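# Requests an already-rewritten URL (one in which a fragment was replaced by
# REDIRECT_URL) once per entry in ALLOWED_METHODS and records a finding when
# the response's Location header contains the injected URL.
#
# url - String target URL carrying the payload.
#
# Returns the result of ALLOWED_METHODS.each.
def fuzz_fragment(url)
  ALLOWED_METHODS.each do |method|
    begin
      response = API_Fuzzer::Request.send_api_request(
        url: url,
        method: method,
        cookies: @cookies,
        params: @params,
        headers: @headers
      )

      # Accept either spelling of the header name; whether response.headers
      # is case-insensitive is not visible from this method.
      location = response.headers['Location'] || response.headers['LOCATION']

      # Literal substring comparison: an interpolated regexp would treat the
      # dots in REDIRECT_URL as wildcards and match look-alike hosts. A hit
      # anywhere in Location still counts, so confirm findings manually.
      next unless location.to_s.include?(REDIRECT_URL)

      @vulnerabilities << API_Fuzzer::Vulnerability.new(
        description: "Possible Open Redirect vulnerability in #{method} #{url}",
        parameter: "URL: #{url}",
        value: "[PAYLOAD] #{url.gsub(REDIRECT_URL, 'PAYLOAD_URL')}",
        type: 'MEDIUM'
      )
    rescue StandardError => e
      # StandardError rather than Exception so Interrupt and SystemExit are
      # not swallowed. NOTE(review): a failed request is only printed, so the
      # method goes untested without any trace in the results.
      puts e.message
    end
  end
end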
fuzz_payload()
# File lib/API_Fuzzer/redirect_check.rb, line 29
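# Selects the injection points for the open-redirect probe.
#
# Path segments and query pairs of @url that look like URLs are replaced by
# REDIRECT_URL and handed to fuzz_fragment; every entry of @params whose
# value looks like a URL is handed to fuzz_each_parameter.
#
# Returns nil when @params is empty, otherwise the result of iterating the
# parameter keys.
def fuzz_payload
  uri = URI(@url)
  query = uri.query

  # NOTE(review): the character class also lists ',' so commas split the
  # path as well; that looks unintended but is kept as found.
  fragments = uri.path.split(/[\/,?,&]/) - ['']
  fragments.concat(query.split('&')) if query

  fragments.each do |fragment|
    # key=value pair: only the value part is tested and replaced.
    pair = fragment.match(/\A(\w+)=(.*)\z/)
    candidate = pair && pair[2]

    if candidate && valid_url?(candidate)
      fuzz_fragment(@url.gsub(candidate, REDIRECT_URL).chomp)
    elsif valid_url?(fragment)
      fuzz_fragment(@url.gsub(fragment, REDIRECT_URL))
    end
  end
  return if @params.empty?

  # Iterate over a snapshot of the keys, not the live hash.
  @params.keys.each do |parameter|
    fuzz_each_parameter(parameter) if valid_url?(@params[parameter])
  end
end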
scan(options = {})
# File lib/API_Fuzzer/redirect_check.rb, line 11
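# Entry point: runs the open-redirect check for one request description.
#
# options - Hash; the keys read here are :url, :params, :cookies, :json and
#           :headers. Everything except :url has a default.
#
# Returns the findings deduplicated by description. If an error is raised,
# returns the list collected so far with an API_Fuzzer::Error appended.
def scan(options = {})
  # Reset the result list before anything can raise, so the rescue clause
  # always has an array to append to.
  @vulnerabilities = []

  @url = options[:url]
  @params = options[:params] || {}
  @cookies = options[:cookies] || {}
  @json = options[:json] || false
  @headers = options[:headers] || {}

  fuzz_payload

  # NOTE(review): the descriptions built in this file carry only the method
  # and the URL, so findings for different parameters of one endpoint
  # collapse into a single entry here.
  @vulnerabilities.uniq(&:description)
rescue StandardError => e
  # StandardError rather than Exception: Interrupt and SystemExit should
  # stop the scan instead of being recorded as a finding.
  @vulnerabilities << API_Fuzzer::Error.new(
    description: e.message,
    status: 'ERROR',
    value: e.backtrace
  )
end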
valid_url?(url)
# File lib/API_Fuzzer/redirect_check.rb, line 101
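# Tests whether a value contains something shaped like a URI.
#
# The pattern from URI.regexp is not anchored, so any string that contains a
# URI-like token passes. This is a coarse filter for choosing what to fuzz,
# not a validator.
#
# url - value to test. Non-String values (nil, numbers, nested structures)
#       are treated as "not a URL"; plain Objects no longer respond to =~
#       on current Ruby versions.
#
# Returns the Integer match offset, or nil when there is no match.
def valid_url?(url)
  return nil unless url.is_a?(String)

  url =~ URI.regexp
end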