Added NestedCookie to handle key-value pairs inside individual cookies
Zapotek committed Jun 6, 2017
1 parent f87fd93 commit 6a4135b
Showing 72 changed files with 2,062 additions and 180 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
- Options
- New
- `--scope-dom-event-inheritance-limit` -- Limits the amount of inherited events.
- `Element`
- Added `NestedCookie`: Handles key-value pairs inside individual cookies.
- `Browser`
- `Javascript`
- `DOMMonitor`
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -259,6 +259,7 @@ Arachni is able to extract and audit the following elements and their inputs:
- Along with ones that have client-side parameters in their URL fragments, i.e.:
`http://example.com/#/param/val/param2/val2`
- Cookies
- Also supports nested cookies, containing key-value pairs inside individual cookies.
- Headers
- Generic client-side elements which have associated DOM events.
- AJAX-request parameters.
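Review bot: the new "Also supports nested cookies" bullet does not tell the reader what a nested cookie looks like, while the neighbouring fragment bullet gives a concrete URL. Add a one-line example of the value format the element parses (the same way `http://example.com/#/param/val/param2/val2` illustrates client-side parameters), so users can tell which of their cookies will be audited as `NestedCookie` and which as plain `Cookie`.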
4 changes: 2 additions & 2 deletions components/checks/active/no_sql_injection_differential.rb
Expand Up @@ -37,9 +37,9 @@ def self.info
of the web application and checks if the displayed behavior is consistent with
that of a vulnerable application.
},
elements: [ Element::Link, Element::Form, Element::Cookie ],
elements: [ Element::Link, Element::Form, Element::Cookie, Element::NestedCookie ],
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
version: '0.1.2',
version: '0.1.3',
platforms: [ :nosql ],

issue: {
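Review bot: adding `Element::NestedCookie` to `elements:` turns on differential analysis for sub-values inside one cookie, so the mutated request must differ from the baseline only in the targeted key-value pair; if re-serialising the nested value changes ordering, delimiters or encoding of the untouched pairs, the differential comparison will flag noise as a NoSQL injection. Please confirm (the element's serialisation is not in the hunks visible here) that the baseline and mutation share byte-identical encoding for the unmodified pairs, and consider a regression spec for it.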
4 changes: 2 additions & 2 deletions components/checks/active/sql_injection_differential.rb
Expand Up @@ -55,9 +55,9 @@ def self.info
of the web application and checks if the displayed behavior is consistent with
that of a vulnerable application.
},
elements: [ Element::Link, Element::Form, Element::Cookie ],
elements: [ Element::Link, Element::Form, Element::Cookie, Element::NestedCookie ],
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
version: '0.4.4',
version: '0.4.5',
platforms: [ :sql ],

issue: {
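Review bot: same concern as for the NoSQL differential check applies to `elements:` here: differential SQL injection detection is only as good as the stability of the unmutated parts of the request, so the nested cookie must round-trip its non-targeted pairs unchanged between the baseline and each mutation. A spec that audits a constructed cookie with several pairs and asserts that only the chosen pair changes per mutation would guard against false positives from this path.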
4 changes: 2 additions & 2 deletions components/checks/active/xss.rb
Expand Up @@ -155,9 +155,9 @@ def self.info
tainted responses to look for proof of vulnerability.
},
elements: [Element::Form, Element::Link, Element::Cookie,
Element::Header, Element::LinkTemplate],
Element::NestedCookie, Element::Header, Element::LinkTemplate],
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
version: '0.4.9',
version: '0.4.10',

issue: {
name: %q{Cross-Site Scripting (XSS)},
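Review bot: the `author:` string on the context line still carries a trailing space inside the quotes (`'... <tasos.laskos@arachni-scanner.com> '`), and this is the line right next to the one being changed; since the version is bumped anyway, trimming it here would keep the `info` hash consistent with the other checks that use the same author value without the space.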
4 changes: 2 additions & 2 deletions components/checks/active/xss_event.rb
Expand Up @@ -125,9 +125,9 @@ def self.info
{
name: 'XSS in HTML element event attribute',
description: %q{Cross-Site Scripting in event tag of HTML element.},
elements: [Element::Form, Element::Link, Element::Cookie, Element::Header],
elements: [Element::Form, Element::Link, Element::Cookie, Element::NestedCookie, Element::Header],
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
version: '0.1.9',
version: '0.1.10',

issue: {
name: %q{Cross-Site Scripting (XSS) in event tag of HTML element},
4 changes: 2 additions & 2 deletions components/checks/active/xss_script_context.rb
Expand Up @@ -223,9 +223,9 @@ def self.info
Injects JS taint code and check to see if it gets executed as proof of vulnerability.
},
elements: [ Element::Form, Element::Link, Element::Cookie,
Element::Header, Element::LinkTemplate ],
Element::NestedCookie, Element::Header, Element::LinkTemplate ],
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
version: '0.2.5',
version: '0.2.6',

issue: {
name: %q{Cross-Site Scripting (XSS) in script context},
5 changes: 3 additions & 2 deletions components/checks/active/xss_tag.rb
Expand Up @@ -83,9 +83,10 @@ def self.info
{
name: 'XSS in HTML tag',
description: %q{Cross-Site Scripting in HTML tag.},
elements: [ Element::Form, Element::Link, Element::Cookie, Element::Header ],
elements: [ Element::Form, Element::Link, Element::Cookie,
Element::NestedCookie, Element::Header ],
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
version: '0.1.11',
version: '0.1.12',

issue: {
name: %q{Cross-Site Scripting (XSS) in HTML tag},
3 changes: 2 additions & 1 deletion components/reporters/html.rb
Expand Up @@ -439,7 +439,7 @@ def self.info
description: %q{Exports the audit results as a compressed HTML report.},
content_type: 'application/zip',
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
version: '0.4.3',
version: '0.4.4',
options: [
Options.outfile( '.html.zip' ),
Options.skip_responses
Expand Down Expand Up @@ -489,6 +489,7 @@ def prepare_data
Element::Link::DOM.type => 0,
Element::Cookie.type => 0,
Element::Cookie::DOM.type => 0,
Element::NestedCookie.type => 0,
Element::LinkTemplate.type => 0,
Element::LinkTemplate::DOM.type => 0,
Element::Header.type => 0,
2 changes: 1 addition & 1 deletion components/reporters/xml.rb
Expand Up @@ -181,7 +181,7 @@ def self.info
description: %q{Exports the audit results as an XML (.xml) file.},
content_type: 'text/xml',
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
version: '0.3.6',
version: '0.3.7',
options: [ Options.outfile( '.xml' ), Options.skip_responses ]
}
end
1 change: 1 addition & 0 deletions components/reporters/xml/schema.xsd
Expand Up @@ -762,6 +762,7 @@
<xs:enumeration value="Arachni::Element::Link::DOM"/>
<xs:enumeration value="Arachni::Element::Cookie" />
<xs:enumeration value="Arachni::Element::Cookie::DOM" />
<xs:enumeration value="Arachni::Element::NestedCookie" />
<xs:enumeration value="Arachni::Element::Header" />
<xs:enumeration value="Arachni::Element::LinkTemplate" />
<xs:enumeration value="Arachni::Element::LinkTemplate::DOM"/>
13 changes: 9 additions & 4 deletions lib/arachni/check/auditor.rb
Expand Up @@ -104,6 +104,8 @@ def self.check?( page, restrict_to_elements = nil, ignore_dom_depth = false )
audit.form_doms? && page.has_script? && !!page.forms.find(&:dom) },
Element::Cookie =>
proc { audit.cookies? && page.cookies.any? },
Element::NestedCookie =>
proc { audit.nested_cookies? && page.nested_cookies.any? },
Element::Cookie::DOM =>
proc { (ignore_dom_depth || page.dom.depth > 0) &&
audit.cookie_doms? && page.has_script? && page.cookies.any? },
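Review bot: the new `Element::NestedCookie` entry gates on `audit.nested_cookies?` and `page.nested_cookies`, neither of which is defined in the hunks shown here; please make sure the scope/audit option exists with a default consistent with `cookies?`, otherwise nested cookies are silently never audited even though the checks now list the element. Also worth a short comment on this entry noting that there is intentionally no `NestedCookie::DOM` counterpart, since every other cookie-like entry here has one.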
Expand All @@ -117,8 +119,8 @@ def self.check?( page, restrict_to_elements = nil, ignore_dom_depth = false )
proc { audit.jsons? && page.jsons.find { |e| e.inputs.any? } },
Element::XML =>
proc { audit.xmls? && page.xmls.find { |e| e.inputs.any? } },
Element::UIInput => false,
Element::UIInput::DOM =>
Element::UIInput => false,
Element::UIInput::DOM =>
proc { audit.ui_inputs? && page.ui_inputs.any? },
Element::UIForm => false,
Element::UIForm::DOM =>
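Review bot: the `Element::UIInput => false,` / `Element::UIInput::DOM =>` lines in this hunk are whitespace-only re-indentation with no functional change; keeping them out of a feature commit makes the NestedCookie change easier to review and bisect, so consider moving the re-indent to a separate cleanup commit.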
Expand Down Expand Up @@ -297,8 +299,8 @@ def max_issues

# Non-DOM auditable elements.
ELEMENTS_WITH_INPUTS = [
Element::Link, Element::Form, Element::Cookie, Element::Header,
Element::LinkTemplate, Element::JSON, Element::XML
Element::Link, Element::Form, Element::Cookie, Element::NestedCookie,
Element::Header, Element::LinkTemplate, Element::JSON, Element::XML
]

# Auditable DOM elements.
Expand Down Expand Up @@ -491,6 +493,9 @@ def each_candidate_element( &block )
when Element::Cookie.type
prepare_each_element(page.cookies, &block )

when Element::NestedCookie.type
prepare_each_element(page.nested_cookies, &block )

when Element::Header.type
prepare_each_element( page.headers, &block )
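Review bot: the new `prepare_each_element(page.nested_cookies, &block )` line copies the uneven spacing of the `page.cookies` branch above it, while the `page.headers` branch uses `prepare_each_element( page.headers, &block )`; since the cookie branch is already inconsistent, the new line is a good place to use the `( ... )` spacing the rest of the method follows.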

0 comments on commit 6a4135b