[TEMPLATE CONTRIBUTION] Google Identity-Aware Proxy detection #11444

Open
davidfegyver opened this issue Jan 5, 2025 · 1 comment

davidfegyver commented Jan 5, 2025

Is there an existing template for this?

  • I have searched the existing templates.

Nuclei Template

id: google-iap-detection

info:
  name: Google IAP Detection
  author: davidfegyver
  severity: info
  description: |
    Detects if the target uses Google's Identity-Aware Proxy
http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        part: header
        words:
          - "X-Goog-Iap-Generated-Response: true" # Documentation: https://cloud.google.com/iap/docs/query-parameters-and-headers-howto#detecting_responses
    extractors: #included as an alternative to https://github.com/projectdiscovery/nuclei-templates/issues/11443
      - type: regex
        part: header
        name: client_id
        regex:
          - "client_id=([^&]+)" 
        group: 1

  - method: GET
    path:
      - "{{BaseURL}}"
    redirects: true
    max-redirects: 2 # Two redirects are needed to get to the Google OAuth login page

    extractors: # I'm sure this part can be simplified, please help me do so :) 
      - type: regex
        part: body
        name: redirect_to
        regex:
          - "{key: 'ds:1', hash: '\\d+', data:\\[\"([^\"]+)\",[^,]+,[^,]+,\"([^\"]+)\"]"
        group: 1
      - type: regex
        part: body
        name: contact_email
        regex:
          - "{key: 'ds:1', hash: '\\d+', data:\\[\"([^\"]+)\",[^,]+,[^,]+,\"([^\"]+)\"]"
        group: 2
      - type: regex
        part: body
        name: app_name
        regex:
          - "{key: 'ds:5', hash: '\\d+', data:\\[[^,]+,[^,]+,\"([^\"]+)\"]"
        group: 1

Relevant dumped responses

<!-- The Google OAuth login page includes the following code: -->

<script class="ds:1" nonce="xxx">
    AF_initDataCallback({ key: 'ds:1', hash: '4', data: ["david-dev", null, null, "davidfegyver@example.com"], sideChannel: {} });
</script>
<script class="ds:5" nonce="xxx">
    AF_initDataCallback({ key: 'ds:5', hash: '5', data: [2, null, "David Dev App"], sideChannel: {} });
</script>

Anything else?

No response

@davidfegyver davidfegyver added the template-contribution Nuclei template contribution label Jan 5, 2025
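
The same checks as the template in the post above, as an added Python example (not part of the issue or of the nuclei-templates project), for auditing what an IAP-protected app's sign-in flow shows to an unauthenticated visitor. It locates each `AF_initDataCallback` block with or without the spaces shown in the dump and decodes the `data` array as JSON instead of capturing fields with one long regex. Assumptions: `data` is plain JSON, the function names are hypothetical, and the sample body and headers are constructed from the dump in the issue.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the pretty-printed dump from the issue.
SAMPLE_BODY = """
<script class="ds:1" nonce="xxx">
    AF_initDataCallback({ key: 'ds:1', hash: '4', data: ["david-dev", null, null, "davidfegyver@example.com"], sideChannel: {} });
</script>
<script class="ds:5" nonce="xxx">
    AF_initDataCallback({ key: 'ds:5', hash: '5', data: [2, null, "David Dev App"], sideChannel: {} });
</script>
"""
SAMPLE_HEADERS = {"x-goog-iap-generated-response": "true"}  # constructed

# Whitespace-tolerant match that ends exactly where the data array begins.
_BLOCK = re.compile(r"AF_initDataCallback\(\{\s*key:\s*'(ds:\d+)',\s*hash:\s*'\d+',\s*data:\s*")

def is_iap_response(headers):
    """True if IAP itself generated the response; header name compared case-insensitively."""
    return any(k.lower() == "x-goog-iap-generated-response" and v.strip().lower() == "true"
               for k, v in headers.items())

def client_id_from_location(location):
    """OAuth client_id from the redirect's Location header, URL-decoded."""
    values = parse_qs(urlsplit(location).query).get("client_id")
    return values[0] if values else None

def parse_init_data(body):
    """Map each 'ds:N' key to its decoded data array."""
    out, decoder = {}, json.JSONDecoder()
    for m in _BLOCK.finditer(body):
        try:
            out[m.group(1)], _ = decoder.raw_decode(body, m.end())
        except json.JSONDecodeError:
            continue  # data is not plain JSON; skip this block
    return out

def consent_screen_fields(body):
    """Return the three fields the template extracts, or None where absent."""
    data = parse_init_data(body)
    def at(key, i):
        arr = data.get(key)
        return arr[i] if isinstance(arr, list) and len(arr) > i and isinstance(arr[i], str) else None
    return {"redirect_to": at("ds:1", 0), "contact_email": at("ds:1", 3), "app_name": at("ds:5", 2)}
```

The field names follow the template's extractor names, and a missing or reshaped `ds:N` block yields `None` for that field rather than a wrong capture.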
@GeorginaReeder

Thanks for your contribution @davidfegyver !
