class API_Fuzzer::XssCheck
Constants
- ALLOWED_METHODS
- PAYLOADS
- PAYLOAD_PATH
Attributes
parameters[RW]
Public Class Methods
scan(options = {})
# File lib/API_Fuzzer/xss_check.rb, line 16
# Entry point of the reflected-XSS check. Stores the request settings in
# class-level instance variables, loads the payload list and hands every
# payload to fuzz_each_payload.
#
# @param options [Hash] :url (required), :params, :cookies, :headers, :json
# @return [Array] the recorded vulnerabilities, reduced to one per distinct
#   description text
# @raise [InvalidURLError] when options carries no :url
def self.scan(options = {})
  target = options[:url]
  @url = target ? target : nil
  raise InvalidURLError, "[ERROR] URL missing in argument" if @url.nil?

  # Request settings; each falls back to an empty/false default when absent.
  @params = options[:params] || {}
  @cookies = options[:cookies] || {}
  @headers = options[:headers] || {}
  # Stored only; none of the methods shown on this page reads @json.
  @json = options[:json] || false
  @vulnerabilities = []

  fetch_payloads
  PAYLOADS.each { |payload| fuzz_each_payload(payload) }

  # De-duplication looks at the description alone, so findings that share a
  # description collapse into a single entry even if their payloads differ.
  @vulnerabilities.uniq(&:description)
end
Private Class Methods
check_response?(body, payload)
# File lib/API_Fuzzer/xss_check.rb, line 70
# Reports whether the payload appears verbatim in the response body.
#
# The test is an exact substring match on body.to_s: a reflection that the
# server HTML-escaped or otherwise transformed does not match, and neither the
# position of the match nor the response content type is taken into account.
# A hit is therefore an indicator to verify, not proof of script execution.
#
# @param body [#to_s] response body (nil is treated as an empty string)
# @param payload [String] marker string that was sent in the request
# @return [Boolean] true when the payload is a substring of the body
def self.check_response?(body, payload)
  body.to_s.include?(payload)
end
fetch_payloads()
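# File lib/API_Fuzzer/xss_check.rb, line 85
# Loads the payload file named by PAYLOAD_PATH (resolved relative to this
# source file) into the PAYLOADS list, one payload per line.
#
# Lines are stored without their line terminator, blank lines are skipped and
# a payload already present in PAYLOADS is not added again.
#
# @return [Array<String>] the raw lines read from the payload file
def self.fetch_payloads
  file = File.expand_path(PAYLOAD_PATH, __FILE__)
  File.readlines(file).each do |line|
    # readlines keeps the trailing newline; left in place it becomes part of
    # the value sent and of the substring looked for in the response.
    payload = line.chomp

    # An empty payload is a substring of every body and would flag every
    # response as a reflection.
    next if payload.empty?

    # scan calls this method on every run; appending unconditionally grew
    # PAYLOADS by the whole file each time and repeated every request.
    PAYLOADS << payload unless PAYLOADS.include?(payload)
  end
end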
fuzz_each_parameter(parameter, payload)
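# File lib/API_Fuzzer/xss_check.rb, line 40
# Sends +payload+ in place of one parameter, once per HTTP method listed in
# ALLOWED_METHODS, and records a finding when a non-JSON response with status
# 200 echoes the payload verbatim.
#
# @param parameter [Object] key of @params whose value is replaced
# @param payload [String] marker string sent and then searched for in the body
# @return [Object] the return value of ALLOWED_METHODS.each
def self.fuzz_each_parameter(parameter, payload)
  # Work on a copy: the other parameters keep their original values and the
  # hash passed in by the caller is left untouched. Writing into @params
  # directly left the payload behind in every parameter already tested, so a
  # later reflection could be attributed to the wrong parameter.
  fuzzed_params = @params.merge(parameter => payload)

  ALLOWED_METHODS.each do |method|
    response = API_Fuzzer::Request.send_api_request(
      url: @url,
      params: fuzzed_params,
      method: method,
      cookies: @cookies,
      headers: @headers
    )

    # JSON responses are not inspected for reflection, as before. The earlier
    # JSON.parse call produced a value nothing read, and a malformed body
    # would have raised and aborted the remaining checks.
    next if response_json?(response)

    unless success?(response)
      # NOTE(review): the Error object is built and dropped, exactly as before;
      # whether API_Fuzzer::Error.new registers itself anywhere is not visible
      # from this page - confirm, otherwise failed requests go unreported.
      API_Fuzzer::Error.new(description: "[ERROR] #{method} #{@url}", status: response.status, value: response.body)
      next
    end

    next unless check_response?(response.body, payload)

    # The description names the local +parameter+. It used to interpolate
    # @parameter, which nothing on this page assigns, so the name came out
    # empty and findings for different parameters shared one description.
    @vulnerabilities << API_Fuzzer::Vulnerability.new(
      description: "Possible XSS in #{method} #{@url} parameter: #{parameter}",
      value: "[PAYLOAD] #{payload}",
      type: 'MEDIUM'
    )
  end
end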
fuzz_each_payload(payload)
# File lib/API_Fuzzer/xss_check.rb, line 34
# Tries one payload against every parameter name currently held in @params.
#
# @param payload [String] payload handed on to fuzz_each_parameter
# @return [Array] the list of parameter names that was iterated
def self.fuzz_each_payload(payload)
  # Snapshot of the keys, taken before any per-parameter work starts.
  parameter_names = @params.keys
  parameter_names.each { |name| fuzz_each_parameter(name, payload) }
end
response_json?(response)
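# File lib/API_Fuzzer/xss_check.rb, line 81
# Tells whether the response declares a JSON body through its Content-Type
# header (case-insensitive match on "application/json").
#
# @param response [#headers, nil] HTTP response, or nil/false
# @return [Integer, nil, false] match position when the header names JSON;
#   nil when it does not or the header is absent; the falsy +response+ itself
#   when no response was given
def self.response_json?(response)
  # to_s turns a missing Content-Type (nil) into "", which simply does not
  # match; calling downcase on nil raised NoMethodError for such responses.
  response && response.headers['Content-Type'].to_s.downcase =~ %r{application/json}
end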
success?(response)
# File lib/API_Fuzzer/xss_check.rb, line 77
# Tells whether the response carries HTTP status 200.
#
# Only the exact value 200 counts; every other code, other 2xx codes
# included, yields false.
#
# @param response [#code] HTTP response object
# @return [Boolean] result of comparing response.code with 200
def self.success?(response)
  status_code = response.code
  status_code == 200
end