From 9c5426f0a7391d68500d930e756473b9d54a3477 Mon Sep 17 00:00:00 2001
From: wjoe
Date: Mon, 5 Feb 2024 11:28:59 +0000
Subject: [PATCH 1/4] Initial commit
---
 Proxy/HTTP/FilterAuthenticated.bambda | 66 +++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 Proxy/HTTP/FilterAuthenticated.bambda
diff --git a/Proxy/HTTP/FilterAuthenticated.bambda b/Proxy/HTTP/FilterAuthenticated.bambda
new file mode 100644
index 0000000..9bec834
--- /dev/null
+++ b/Proxy/HTTP/FilterAuthenticated.bambda
@@ -0,0 +1,66 @@
+/**
+ * Filters authenticated 200 OK requests in Proxy HTTP history. See four config values below.
+ *
+ * @author joe-ds (https://github.com/joe-ds)
+ **/
+
+if (!requestResponse.hasResponse()) {
+ return false;
+}
+
+var configNoFilter = true; // If set to false, won't show JS, GIF, JPG, PNG, CSS.
+var configNotInScopeOnly = true; // If set to false, won't show out-of-scope items.
+var sessionCookieName = ""; // If given, will look for a cookie with that name.
+var sessionCookieValue = ""; // If given, will check if cookie with sessionCookieName has this value.
+
+var request = requestResponse.request();
+var response = requestResponse.response();
+var mimeType = requestResponse.mimeType();
+var path = requestResponse.request().pathWithoutQuery().toLowerCase();
+
+var inScope = requestResponse.request().isInScope();
+
+var isAuthorised = response.isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS);
+var authHeader = request.hasHeader("Authorization");
+
+var sessionCookie = false;
+if (request.headerValue("Cookie") != null) {
+ if ((sessionCookieName.length() > 0) && (sessionCookieValue.length() > 0)) {
+ if (requestResponse.request().hasParameter(sessionCookieName, HttpParameterType.COOKIE)) {
+ sessionCookie = requestResponse.request().parameter(sessionCookieName, HttpParameterType.COOKIE).value().equals(sessionCookieValue);
+ } else {
+ sessionCookie = false;
+ }
+ } else if (sessionCookieName.length() > 0) {
+ if (requestResponse.request().hasParameter(sessionCookieName, HttpParameterType.COOKIE)) {
+ sessionCookie = true;
+ } else {
+ sessionCookie = false;
+ }
+ } else {
+ sessionCookie = false;
+ };
+} else {
+ sessionCookie = false;
+}
+
+var filterDenyList = mimeType != MimeType.CSS
+ && mimeType != MimeType.IMAGE_UNKNOWN
+ && mimeType != MimeType.IMAGE_JPEG
+ && mimeType != MimeType.IMAGE_GIF
+ && mimeType != MimeType.IMAGE_PNG
+ && mimeType != MimeType.IMAGE_BMP
+ && mimeType != MimeType.IMAGE_TIFF
+ && mimeType != MimeType.UNRECOGNIZED
+ && mimeType != MimeType.SOUND
+ && mimeType != MimeType.VIDEO
+ && mimeType != MimeType.FONT_WOFF
+ && mimeType != MimeType.FONT_WOFF2
+ && mimeType != MimeType.APPLICATION_UNKNOWN
+ && !path.endsWith(".js")
+ && !path.endsWith(".gif")
+ && !path.endsWith(".jpg")
+ && !path.endsWith(".png")
+ && !path.endsWith(".css");
+
+return isAuthorised && (authHeader || sessionCookie) && (configNoFilter || filterDenyList) && (configNotInScopeOnly || inScope);
From 08245d6e43da1bdc8240486857d28a7112ff6ad9 Mon Sep 17 00:00:00 2001
From: joe-ds
Date: Mon, 5 Feb 2024 16:42:10 +0000
Subject: [PATCH 2/4] Made recommended changes.
---
 Proxy/HTTP/FilterAuthenticated.bambda | 42 ++++++++-------------------
 1 file changed, 12 insertions(+), 30 deletions(-)
diff --git a/Proxy/HTTP/FilterAuthenticated.bambda b/Proxy/HTTP/FilterAuthenticated.bambda
index 9bec834..c91efa3 100644
--- a/Proxy/HTTP/FilterAuthenticated.bambda
+++ b/Proxy/HTTP/FilterAuthenticated.bambda
@@ -4,7 +4,10 @@
 * @author joe-ds (https://github.com/joe-ds)
 **/
 
-if (!requestResponse.hasResponse()) {
+var request = requestResponse.request();
+var response = requestResponse.response();
+
+if (!response.isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS) || !requestResponse.hasResponse()) {
 return false;
 }
 
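Review bot: The `filterDenyList` expression added in PATCH 1/4 also drops `MimeType.UNRECOGNIZED` and `MimeType.APPLICATION_UNKNOWN`, so with `configNoFilter = false` an authenticated response whose body type was presumably not identified is hidden along with the static assets. The comment on `configNoFilter` lists only JS, GIF, JPG, PNG and CSS, which understates what is removed. I would either narrow the list to static content or reword the comment, e.g. `// If set to false, hides static assets (CSS, images, audio, video, fonts) and responses with an unrecognised MIME type.` The header comment also says "200 OK" while the code accepts the whole 2xx class through `StatusCodeClass.CLASS_2XX_SUCCESS`.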
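Review bot: In the `@@ -4,7 +4,10 @@` hunk of PATCH 2/4 the new guard calls `response.isStatusCodeClass(...)` before `requestResponse.hasResponse()`, so the response is dereferenced before the presence check can short-circuit. For a history item with no response this likely throws instead of returning false. Swapping the operands fixes it: `if (!requestResponse.hasResponse() || !response.isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS)) {`. PATCH 3/4 restores a separate `hasResponse()` check ahead of the status test, so squashing the two would keep every commit in the series usable on its own.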
@@ -13,37 +16,16 @@ var configNotInScopeOnly = true; // If set to false, won't show out-of-scope it
 var sessionCookieName = ""; // If given, will look for a cookie with that name.
 var sessionCookieValue = ""; // If given, will check if cookie with sessionCookieName has this value.
 
-var request = requestResponse.request();
-var response = requestResponse.response();
-var mimeType = requestResponse.mimeType();
-var path = requestResponse.request().pathWithoutQuery().toLowerCase();
-
-var inScope = requestResponse.request().isInScope();
-
-var isAuthorised = response.isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS);
+var inScope = request.isInScope();
 var authHeader = request.hasHeader("Authorization");
 
-var sessionCookie = false;
-if (request.headerValue("Cookie") != null) {
- if ((sessionCookieName.length() > 0) && (sessionCookieValue.length() > 0)) {
- if (requestResponse.request().hasParameter(sessionCookieName, HttpParameterType.COOKIE)) {
- sessionCookie = requestResponse.request().parameter(sessionCookieName, HttpParameterType.COOKIE).value().equals(sessionCookieValue);
- } else {
- sessionCookie = false;
- }
- } else if (sessionCookieName.length() > 0) {
- if (requestResponse.request().hasParameter(sessionCookieName, HttpParameterType.COOKIE)) {
- sessionCookie = true;
- } else {
- sessionCookie = false;
- }
- } else {
- sessionCookie = false;
- };
-} else {
- sessionCookie = false;
-}
+boolean sessionCookie = request.headerValue("Cookie") != null
+ && !sessionCookieName.isEmpty()
+ && request.hasParameter(sessionCookieName, HttpParameterType.COOKIE)
+ && (sessionCookieValue.isEmpty() || sessionCookieValue.equals(request.parameter(sessionCookieName, HttpParameterType.COOKIE).value()));
 
+var path = requestResponse.request().pathWithoutQuery().toLowerCase();
+var mimeType = requestResponse.mimeType();
 var filterDenyList = mimeType != MimeType.CSS
 && mimeType != MimeType.IMAGE_UNKNOWN
 && mimeType != MimeType.IMAGE_JPEG
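Review bot: The rewritten `sessionCookie` expression in the `@@ -13,37 +16,16 @@` hunk folds three cases into one condition and carries no comment. A line such as `// True when sessionCookieName is set and present on the request and, if sessionCookieValue is set, its value matches.` above it would make the default visible: with both config strings empty this is always false, so only requests carrying an `Authorization` header pass the filter. The leading `request.headerValue("Cookie") != null` test looks redundant, since `hasParameter(sessionCookieName, HttpParameterType.COOKIE)` should already be false when no Cookie header is present. The declaration also uses `boolean` where the rest of the script uses `var`.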
@@ -63,4 +45,4 @@ var filterDenyList = mimeType != MimeType.CSS
 && !path.endsWith(".png")
 && !path.endsWith(".css");
 
-return isAuthorised && (authHeader || sessionCookie) && (configNoFilter || filterDenyList) && (configNotInScopeOnly || inScope);
+return (authHeader || sessionCookie) && (configNoFilter || filterDenyList) && (configNotInScopeOnly || inScope);
\ No newline at end of file
From 4d2a932f0c7e946bf0e80f9540924113e5090472 Mon Sep 17 00:00:00 2001
From: joe-ds
Date: Tue, 6 Feb 2024 13:00:32 +0000
Subject: [PATCH 3/4] Second round of changes.
---
 Proxy/HTTP/FilterAuthenticated.bambda | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/Proxy/HTTP/FilterAuthenticated.bambda b/Proxy/HTTP/FilterAuthenticated.bambda
index c91efa3..13302f9 100644
--- a/Proxy/HTTP/FilterAuthenticated.bambda
+++ b/Proxy/HTTP/FilterAuthenticated.bambda
@@ -4,10 +4,14 @@
 * @author joe-ds (https://github.com/joe-ds)
 **/
 
+if (!requestResponse.hasResponse()) {
+ return false;
+}
+
 var request = requestResponse.request();
 var response = requestResponse.response();
 
-if (!response.isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS) || !requestResponse.hasResponse()) {
+if (!response.isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS)) {
 return false;
 }
 
@@ -16,7 +20,6 @@ var configNotInScopeOnly = true; // If set to false, won't show out-of-scope it
 var sessionCookieName = ""; // If given, will look for a cookie with that name.
 var sessionCookieValue = ""; // If given, will check if cookie with sessionCookieName has this value.
 
-var inScope = request.isInScope();
 var authHeader = request.hasHeader("Authorization");
 
 boolean sessionCookie = request.headerValue("Cookie") != null
@@ -24,7 +27,7 @@ boolean sessionCookie = request.headerValue("Cookie") != null
 && request.hasParameter(sessionCookieName, HttpParameterType.COOKIE)
 && (sessionCookieValue.isEmpty() || sessionCookieValue.equals(request.parameter(sessionCookieName, HttpParameterType.COOKIE).value()));
 
-var path = requestResponse.request().pathWithoutQuery().toLowerCase();
+var path = request.pathWithoutQuery().toLowerCase();
 var mimeType = requestResponse.mimeType();
 var filterDenyList = mimeType != MimeType.CSS
 && mimeType != MimeType.IMAGE_UNKNOWN
@@ -45,4 +48,4 @@ var filterDenyList = mimeType != MimeType.CSS
 && !path.endsWith(".png")
 && !path.endsWith(".css");
 
-return (authHeader || sessionCookie) && (configNoFilter || filterDenyList) && (configNotInScopeOnly || inScope);
\ No newline at end of file
+return (authHeader || sessionCookie) && (configNoFilter || filterDenyList) && (configNotInScopeOnly || request.isInScope());
\ No newline at end of file
From 0976bbc01e90b62814b99250aea888261e58d7dd Mon Sep 17 00:00:00 2001
From: joe-ds
Date: Tue, 6 Feb 2024 15:44:14 +0000
Subject: [PATCH 4/4] Moved config variables to the top.
---
 Proxy/HTTP/FilterAuthenticated.bambda | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/Proxy/HTTP/FilterAuthenticated.bambda b/Proxy/HTTP/FilterAuthenticated.bambda
index 13302f9..ac3f894 100644
--- a/Proxy/HTTP/FilterAuthenticated.bambda
+++ b/Proxy/HTTP/FilterAuthenticated.bambda
@@ -4,6 +4,11 @@
 * @author joe-ds (https://github.com/joe-ds)
 **/
 
+var configNoFilter = true; // If set to false, won't show JS, GIF, JPG, PNG, CSS.
+var configNotInScopeOnly = true; // If set to false, won't show out-of-scope items.
+var sessionCookieName = ""; // If given, will look for a cookie with that name.
+var sessionCookieValue = ""; // If given, will check if cookie with sessionCookieName has this value.
+
 if (!requestResponse.hasResponse()) {
 return false;
 }
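Review bot: The four settings moved to the top in the `@@ -4,6 +4,11 @@` hunk of PATCH 4/4 are the first thing a user edits, and two of them read inverted: `configNoFilter` and `configNotInScopeOnly` are negated flags, and `configNotInScopeOnly = true` means scope is ignored, as the final `(configNotInScopeOnly || request.isInScope())` shows. Renaming may break copies people have already customised, so I would at least state the default in the comment, e.g. `// true (default): show items regardless of scope; false: show in-scope items only.` `sessionCookieValue` is meant to hold a live session token, so a note such as `// Holds a session token: clear it before sharing or committing this script.` belongs next to it.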
@@ -15,11 +20,6 @@ if (!response.isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS)) {
 return false;
 }
 
-var configNoFilter = true; // If set to false, won't show JS, GIF, JPG, PNG, CSS.
-var configNotInScopeOnly = true; // If set to false, won't show out-of-scope items.
-var sessionCookieName = ""; // If given, will look for a cookie with that name.
-var sessionCookieValue = ""; // If given, will check if cookie with sessionCookieName has this value.
-
 var authHeader = request.hasHeader("Authorization");
 
 boolean sessionCookie = request.headerValue("Cookie") != null