filters

package
v0.7.0
Warning

This package is not in the latest version of its module.

Published: Sep 12, 2020 License: MIT Imports: 14 Imported by: 0

README

Filters

Since ponieproxy is just a small wrapper over goproxy, a filter is a struct that combines a slice of goproxy conditions (Req and Resp) and a goproxy handler (Req and Resp). Basically, the conditions are applied to that handler, and I've called the combination a filter.

You can add or remove filters in the two arrays in the main.go file - RequestFilters and ResponseFilters.

By default all filters are added (enabled). If you remove/comment them from main.go, they won't be applied.

Basic Filters

The idea for those is to provide more basic functionality which most people would want. You can check details in filters/write.go and filters/populate.go. Currently they are:

  • PopulateUserData() - populates ctx.UserData with some useful data, which is sent across all captured requests/responses
  • WriteReq() - writes each unique request to a uniquely hashed file, for all requests matching the regexes in inscope.txt
  • WriteResp() - writes each unique response to a uniquely hashed file, for all responses matching the regexes in inscope.txt

HUNT Filter

Ponieproxy applies a filter to ease the use of the HUNT Methodology.

A valid question is - What's the difference with the Burp and ZAP plugins that are already present?

The answer is that you have a bit more control over the type of matching that it does. It always matches params case insensitively. The default matching style is exact (using ==).

If you set -hem to false, it will look for a substring within the param. For example, if the filter is searching for id, it will positively match userId, identification and ID. With -hem set to the default true, it will only match id, Id, etc.

Ponieproxy only looks for matches in request query params (e.g. ?id=123&url=ssrf.com&nomatch=123) and in JSON keys in the request body (e.g. {"id": 123, "url": "ssrf.com", "nomatch": 123}). In these two cases, ponieproxy will detect id and url and will write them to a .hunt file (same checksum name as the .req and .res files) and/or send a Slack notification.
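The matching rules described above, as an added Go example that is not ponieproxy's own code: the function name `huntMatches`, the sample keywords and the sample request are constructed, and only top-level JSON keys are inspected, which is an assumption of this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// huntMatches returns the request parameter names (query params and top-level
// JSON body keys) that match any keyword, always case-insensitively.
// exact=true mirrors the default -hem behaviour (==); exact=false is substring.
func huntMatches(keywords []string, rawQuery string, body []byte, exact bool) []string {
	names := map[string]struct{}{}
	if q, err := url.ParseQuery(rawQuery); err == nil {
		for k := range q {
			names[k] = struct{}{}
		}
	}
	var obj map[string]json.RawMessage
	if json.Unmarshal(body, &obj) == nil { // non-JSON bodies are ignored
		for k := range obj {
			names[k] = struct{}{}
		}
	}
	var hits []string
	for name := range names {
		lower := strings.ToLower(name)
		for _, kw := range keywords {
			kw = strings.ToLower(kw)
			if (exact && lower == kw) || (!exact && strings.Contains(lower, kw)) {
				hits = append(hits, name)
				break
			}
		}
	}
	sort.Strings(hits)
	return hits
}

func main() {
	kws := []string{"id", "url"} // constructed sample keywords
	query := "userId=7&ID=123&url=ssrf.com&nomatch=123"
	body := []byte(`{"identification": 1, "Url": "x"}`)
	fmt.Println(huntMatches(kws, query, body, true))  // exact
	fmt.Println(huntMatches(kws, query, body, false)) // substring
}
```

Substring mode trades precision for recall: it also flags userId and identification, so expect more .hunt entries to triage.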

If you want an alert in Slack, you should pass a Slack webhook URL to the sw option.

Currently the HUNT filter matches params for IDOR, SQL Injection, SSRF, SSTI, LFI/RFI/Path Traversal, OSCI, Debug and Logic Parameters, which are taken directly from the HUNT repo.

Filter to Save Request URL

Appends all unique, in-scope URLs that you've requested to a file. If you want to name the file, pass the filename to the -su flag.

Filter to Save JS Files

Saves all .js files to their corresponding folder. The default save folder is ./js. So, for example, a request for https://somesite.com/path/to/file.js will save the file to ./js/path/to/file.js

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func FindInJson

func FindInJson(huntType string, huntParam string, reqJsonKeys map[string]struct{}, flags *config.Flags, ud UserData)

  • Searches for a string in the JSON request body
  • Sends a slack notification

func FindInQueryParams

func FindInQueryParams(huntType string, huntParam string, reqQueryParams map[string][]string, flags *config.Flags, ud UserData)

  • Searches for a string in request query param
  • Sends a slack notification

Types

type RequestFilter

type RequestFilter struct {
	Conditions []goproxy.ReqCondition
	Handler    goproxy.FuncReqHandler
}

func DetectReqSecrets added in v0.7.0

func DetectReqSecrets(f *config.Flags) RequestFilter

Request filter: detects secrets using regexes.

The only filter condition wraps every line from your urls file in parentheses and concatenates them, making the following regex: (LINE_ONE)|(LINE_TWO)|(LINE_THREE), where LINE_N is a single line from your file.

func HUNT

func HUNT(f *config.Flags) RequestFilter

Request filter: detects IDOR params.

Following the HUNT Methodology (https://github.com/bugcrowd/HUNT): we're looking for exact or non-exact (case-insensitive) matches for keywords.

func PopulateUserdata

func PopulateUserdata(f *config.Flags) RequestFilter

Request filter: writes various params to UserData.

UserData is a part of the proxy context. It is passed to every request and response.

func SaveUrls added in v0.5.0

func SaveUrls(f *config.Flags) RequestFilter

Request filter: saves every in-scope URL to a file containing a list of URLs.

func WriteReq

func WriteReq(f *config.Flags) RequestFilter

Request filter: writes the request to a uniquely named *.req file in the output folder.

The only filter condition wraps every line from your urls file in parentheses and concatenates them, making the following regex: (LINE_ONE)|(LINE_TWO)|(LINE_THREE), where LINE_N is a single line from your file.

type ResponseFilter

type ResponseFilter struct {
	Conditions []goproxy.RespCondition
	Handler    goproxy.FuncRespHandler
}

func DetectRespSecrets added in v0.7.0

func DetectRespSecrets(f *config.Flags) ResponseFilter

Response filter: detects secrets using regexes.

The only filter condition wraps every line from your urls file in parentheses and concatenates them, making the following regex: (LINE_ONE)|(LINE_TWO)|(LINE_THREE), where LINE_N is a single line from your file.

func SaveJs added in v0.6.0

func SaveJs(f *config.Flags) ResponseFilter

Response filter: detects JavaScript files and saves them in a folder.

func WriteResp

func WriteResp(f *config.Flags) ResponseFilter

Response filter: writes the response to a uniquely named *.res file in the output folder.

The only filter condition wraps every line from your urls file in parentheses and concatenates them, making the following regex: (LINE_ONE)|(LINE_TWO)|(LINE_THREE), where LINE_N is a single line from your file.
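The scope condition described for DetectReqSecrets, WriteReq, DetectRespSecrets and WriteResp, as an added Go example that is not the package's own code: `buildScopeRegex`, `inScope` and the sample scope lines are constructed, and skipping blank lines is this sketch's own choice. It shows why scope lines should be escaped and anchored, since a loose pattern matches hosts you did not intend to capture.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// buildScopeRegex wraps every non-empty line in parentheses and joins the
// groups with "|", giving (LINE_ONE)|(LINE_TWO)|(LINE_THREE).
// Blank lines are skipped: an empty group "()" would match every URL.
func buildScopeRegex(scopeFile string) (*regexp.Regexp, error) {
	var groups []string
	sc := bufio.NewScanner(strings.NewReader(scopeFile))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		if _, err := regexp.Compile(line); err != nil {
			return nil, fmt.Errorf("bad scope line %q: %w", line, err)
		}
		groups = append(groups, "("+line+")")
	}
	if len(groups) == 0 {
		return nil, fmt.Errorf("scope file has no patterns")
	}
	return regexp.Compile(strings.Join(groups, "|"))
}

func inScope(re *regexp.Regexp, url string) bool { return re.MatchString(url) }

func main() {
	// Constructed scope file: loose pattern, blank line, anchored pattern.
	re, err := buildScopeRegex("example.com\n\n^https://api\\.example\\.org/\n")
	if err != nil {
		panic(err)
	}
	fmt.Println(re)
	for _, u := range []string{
		"https://example.com/login",
		"https://examplexcom.test/", // matched: unescaped "." and no anchors
		"https://api.example.org/v1",
		"https://evil.test/?r=https://api.example.org/", // not matched: anchored
	} {
		fmt.Println(inScope(re, u), u)
	}
}
```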

type UserData

type UserData struct {
	ReqBody      string
	ReqDump      string
	FileChecksum string
	Host         string
	ReqURL       string
	SavedUrls    map[[20]byte]string
}
