
Create OWASPTop25VulnerableParameters.bambda #21

Merged
merged 3 commits into from
Dec 4, 2023

Contributor

@BugBountyzip BugBountyzip commented Dec 3, 2023

This .bambda file serves as a filter for the Burp Suite tool, identifying HTTP requests with parameters listed in the OWASP Top 25 vulnerabilities. It's designed to help security professionals quickly pinpoint potentially risky parameters.

Bambda Contributions

  • Bambda has a valid header, featuring an @author annotation and suitable description
  • Bambda compiles and executes as expected
  • Only .bambda files have been added or modified (README.md files are automatically updated / generated after PR merge)

Contributor

@ps-porpoise ps-porpoise left a comment


Hey BugBountyzip, this looks like a great submission - thanks!

My main suggestion is that the logic can be simplified using the `hasParameter` method on the `HttpRequest` object; this should avoid having to manually parse out elements from the URL / body.

For example:

```java
var parameterNames = Set.of("dest", "redirect", "uri"); // ...
var request = requestResponse.request();

for (String param : parameterNames) {
    if (request.hasParameter(param, HttpParameterType.URL) || request.hasParameter(param, HttpParameterType.BODY)) {
        return true;
    }
}

return false;
```

@BugBountyzip
Contributor Author

Hello,

Thank you for your valuable feedback on my previous submission. Based on your suggestions, I have made the following updates to the Bambda:

  1. I have utilized a Set to store the list of vulnerable parameters. This approach helps to efficiently manage the parameters and ensures that there are no duplicates, which aligns with the best practices for handling collections in Java.

  2. I have carefully reviewed the list of parameters and removed any duplicates that were previously present. This step was necessary to resolve the IllegalArgumentException caused by duplicate elements in the Set.

  3. I have implemented the hasParameter method as per your guidance. This method enhances the code by streamlining the process of checking for the presence of vulnerable parameters in both the URL and the body of the HTTP request.

I believe these changes have significantly improved the functionality and efficiency of the Bambda. I look forward to any further suggestions or feedback you might have.

Thank you once again for your guidance and support.


```java
/**
 * Filters Proxy HTTP history for requests with vulnerable parameters based on the OWASP Top 25
 * Author: Tur24Tur
 * GitHub: @BugBountyzip (https://github.com/BugBountyzip)
 **/

// Define the vulnerable parameters as a Set based on OWASP Top 25
Set<String> parameterNames = Set.of(
    // SSRF parameters
    "dest", "redirect", "uri", "continue", "url", "window", "data",
    "reference", "site", "html", "val", "validate", "domain", "callback", "return",
    "page", "feed", "host", "port", "to", "out", "dir",
    // SQL injection parameters
    "id", "select", "report", "search", "category", "file", "class", "news",
    "item", "menu", "ref", "title", "topic", "thread",
    "form", "main", "nav", "region",
    // XSS parameters
    "q", "s", "lang", "keyword", "keywords", "year", "email",
    "type", "name", "p", "month", "image", "list_type", "terms", "categoryid", "key",
    "l", "begindate", "enddate",
    // LFI parameters
    "cat", "action", "board", "date", "detail", "download", "path", "folder",
    "prefix", "include", "inc", "locate", "show", "doc", "view",
    "content", "document", "layout", "mod", "conf",
    // Open Redirect parameters
    "next", "target", "rurl", "destination", "redir", "redirect_uri",
    "redirect_url", "image_url", "go",
    "returnTo", "return_to", "checkout_url", "return_path",
    // RCE parameters
    "cmd", "exec", "command", "execute", "ping", "query", "jump", "code", "reg", "do",
    "func", "arg", "option", "load", "process", "step", "read", "feature", "exe",
    "module", "payload", "run", "print"
);

// Get the request object
var request = requestResponse.request();

// Iterate through each parameter name and check if it exists in the request URL or body
for (String param : parameterNames) {
    if (request.hasParameter(param, HttpParameterType.URL) ||
        request.hasParameter(param, HttpParameterType.BODY)) {
        return true;
    }
}

return false;
```

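A variant of the filter above, added here as an example and not part of this PR or the project's repository: it walks the parameters Burp parsed from the request once, compares names in lower case, and also covers JSON body parameters, which the URL/BODY check does not look at. The shortened name list is a constructed subset, and `parameters()`, `ParsedHttpParameter.name()` / `type()` and `HttpParameterType.JSON` are Montoya API members not used elsewhere on this page.

```java
/**
 * Added example (not the merged Bambda): flags requests whose URL, form-body
 * or JSON parameters carry one of the listed names, ignoring case.
 **/

// Constructed subset of the list in the PR, stored in lower case so the
// lookup below is case-insensitive ("returnTo" becomes "returnto").
Set<String> names = Set.of(
    "dest", "redirect", "uri", "url", "next", "target",
    "redirect_uri", "returnto", "return_to",
    "file", "path", "include", "cmd", "exec", "query"
);

// Parameter locations to inspect. Cookies and XML are left out here;
// add HttpParameterType.COOKIE or HttpParameterType.XML if they matter
// for the application under review.
Set<HttpParameterType> types = Set.of(
    HttpParameterType.URL,
    HttpParameterType.BODY,
    HttpParameterType.JSON
);

// One pass over the request's own parameters, with a set lookup per
// parameter, instead of two hasParameter calls for every listed name.
return requestResponse.request().parameters().stream()
    .filter(p -> types.contains(p.type()))
    .map(p -> p.name().toLowerCase(Locale.ROOT))
    .anyMatch(names::contains);
```

Because names are lower-cased before the lookup, the result does not depend on how `hasParameter` treats case.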
Collaborator

@PortSwiggerWiener PortSwiggerWiener left a comment


Many thanks for your submission and making the suggested changes.

Looks good 👍

Contributor

@ps-porpoise ps-porpoise left a comment


👍 Thanks for making the changes!

@ps-porpoise ps-porpoise merged commit 9e23c1e into PortSwigger:main Dec 4, 2023
2 checks passed
@BugBountyzip
Contributor Author

Thank you. @PortSwiggerWiener , @ps-porpoise.
