class API_Fuzzer::XssCheck

Constants

ALLOWED_METHODS
PAYLOADS
PAYLOAD_PATH

Attributes

parameters[RW]

Public Class Methods

# File lib/API_Fuzzer/xss_check.rb, line 16
# Runs the reflected-XSS check against one endpoint.
#
# @param options [Hash] :url (required), :params, :cookies, :headers, :json
# @return [Array<API_Fuzzer::Vulnerability>] findings, one per distinct description
# @raise [InvalidURLError] when :url is absent
def self.scan(options = {})
  # The target URL is the only mandatory option; the rest default to empty.
  @url = options[:url]
  raise InvalidURLError, "[ERROR] URL missing in argument" unless @url

  @params  = options[:params]  || {}
  @cookies = options[:cookies] || {}
  @headers = options[:headers] || {}
  # NOTE(review): @json is stored but not read by any method on this page — confirm it is used elsewhere.
  @json    = options[:json]    || false
  @vulnerabilities = []

  fetch_payloads
  PAYLOADS.each { |payload| fuzz_each_payload(payload) }

  # Collapse findings that share a description so one parameter reflecting
  # several payloads is reported a single time.
  @vulnerabilities.uniq(&:description)
end

Private Class Methods

# File lib/API_Fuzzer/xss_check.rb, line 70
# True when the injected payload appears verbatim in the response body.
#
# @param body [String, nil] response body; nil is treated as an empty string
# @param payload [String] the value that was injected
# @return [Boolean]
def self.check_response?(body, payload)
  body.to_s.include?(payload)
end
# File lib/API_Fuzzer/xss_check.rb, line 85
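# Loads the payload list from PAYLOAD_PATH into the shared PAYLOADS array.
#
# Idempotent: a second call is a no-op. PAYLOADS is a constant shared by every
# scan in the process, so appending unconditionally (as before) duplicated the
# whole list on each call to scan.
#
# @return [void]
# @raise [Errno::ENOENT] when the payload file does not exist
def self.fetch_payloads
  return unless PAYLOADS.empty?

  # NOTE(review): expand_path uses its second argument as the base *directory*,
  # so PAYLOAD_PATH is presumably written relative to the file name itself — verify.
  file = File.expand_path(PAYLOAD_PATH, __FILE__)

  # chomp: true strips the trailing newline so a payload is matched as written
  # rather than as "payload\n"; blank lines are dropped because an empty payload
  # would be "reflected" by every response.
  File.readlines(file, chomp: true).each do |line|
    PAYLOADS << line unless line.empty?
  end
end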
# File lib/API_Fuzzer/xss_check.rb, line 40
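# Sends one payload in one parameter for every verb in ALLOWED_METHODS and
# records a MEDIUM finding for each successful, non-JSON response that
# reflects the payload.
#
# Fixes: the finding description used @parameter (never assigned, so always
# blank) instead of the `parameter` argument, and the caller's original value
# was never restored, so later parameters were fuzzed with this payload still
# present in @params.
#
# @param parameter [Object] key in @params whose value is replaced
# @param payload [String] value to inject
# @return [void] findings are appended to @vulnerabilities
def self.fuzz_each_parameter(parameter, payload)
  original = @params[parameter]
  @params[parameter] = payload

  ALLOWED_METHODS.each do |method|
    response = API_Fuzzer::Request.send_api_request(
      url: @url,
      params: @params,
      method: method,
      cookies: @cookies,
      headers: @headers
    )

    # JSON bodies are not inspected. The previous code parsed them and discarded
    # the result, which only served to abort the scan on a malformed body.
    next if response_json?(response)

    unless success?(response)
      # NOTE(review): this Error object is neither stored nor returned — presumably
      # its constructor reports it; confirm. success? compares `code` while this
      # reads `status`; confirm both exist on the response object.
      API_Fuzzer::Error.new(description: "[ERROR] #{method} #{@url}", status: response.status, value: response.body)
      next
    end

    next unless check_response?(response.body, payload)

    @vulnerabilities << API_Fuzzer::Vulnerability.new(
      description: "Possible XSS in #{method} #{@url} parameter: #{parameter}",
      value: "[PAYLOAD] #{payload}",
      type: 'MEDIUM'
    )
  end
ensure
  # Put the caller's value back so the next parameter is tested in isolation.
  @params[parameter] = original if @params
end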
# File lib/API_Fuzzer/xss_check.rb, line 34
# Applies one payload to every parameter currently in @params.
#
# Iterates over a snapshot of the keys because fuzz_each_parameter rewrites
# values in the same hash while this loop runs.
#
# @param payload [String] value to inject
# @return [void]
def self.fuzz_each_payload(payload)
  names = @params.keys
  names.each { |name| fuzz_each_parameter(name, payload) }
end
# File lib/API_Fuzzer/xss_check.rb, line 81
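# True when the response advertises a JSON body via its Content-Type header.
#
# Fix: a response without a Content-Type header previously raised
# NoMethodError (nil.downcase) and aborted the whole scan; it now reports false.
#
# @param response [#headers, nil]
# @return [Boolean] false for a nil response or a missing header
def self.response_json?(response)
  return false unless response

  # to_s turns a missing header into "", which can never match.
  content_type = response.headers['Content-Type'].to_s
  content_type.downcase.include?('application/json')
end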
# File lib/API_Fuzzer/xss_check.rb, line 77
# True only for an HTTP 200 response; every other code counts as a failure.
#
# @param response [#code]
# @return [Boolean]
def self.success?(response)
  # include? compares with ==, exactly as the direct comparison did.
  [200].include?(response.code)
end