Create DetectWeakReferrerPolicy.bambda

It ensures there is a response and scans the headers for either the absence of the Referrer-Policy header or the presence of policies that may expose sensitive referrer information.
PortSwigger · Dec 18, 2024 · 76a5d38 · 76a5d38
1 parent e1154e5
commit 76a5d38
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/Filter/Proxy/HTTP/DetectWeakReferrerPolicy.bambda b/Filter/Proxy/HTTP/DetectWeakReferrerPolicy.bambda
@@ -0,0 +1,24 @@
+/**
+ * Bambda Script to Detect "Weak or Missing Referrer-Policy" Header in HTTP Response
+ * @author ctflearner
+ * This script checks if the HTTP response lacks the "Referrer-Policy" header or uses a weak policy, 
+ * such as "no-referrer-when-downgrade" or "unsafe-url". 
+ * It ensures there is a response and scans the headers for either the absence of the Referrer-Policy header 
+ * or the presence of policies that may expose sensitive referrer information.
+ **/
+
+
+return requestResponse.hasResponse() && (
+    // No Referrer-Policy header
+    requestResponse.response().headers().stream()
+        .noneMatch(header -> header.name().equalsIgnoreCase("Referrer-Policy")) ||
+
+    // Check for potentially weak referrer policies
+    requestResponse.response().headers().stream()
+        .filter(header -> header.name().equalsIgnoreCase("Referrer-Policy"))
+        .anyMatch(header -> {
+            String value = header.value().toLowerCase().trim();
+            return value.equals("no-referrer-when-downgrade") ||
+                   value.equals("unsafe-url");
+        })
+);