From 8c9a06d8df5fe45e2078e11c5fb460de66c3f04c Mon Sep 17 00:00:00 2001
From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com>
Date: Fri, 5 Apr 2024 01:35:45 +0300
Subject: [PATCH 1/3] Create Detect101SwitchingProtocols.bambda
---
Proxy/HTTP/Detect101SwitchingProtocols.bambda | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 Proxy/HTTP/Detect101SwitchingProtocols.bambda
diff --git a/Proxy/HTTP/Detect101SwitchingProtocols.bambda b/Proxy/HTTP/Detect101SwitchingProtocols.bambda
new file mode 100644
index 0000000..b89de11
--- /dev/null
+++ b/Proxy/HTTP/Detect101SwitchingProtocols.bambda
@@ -0,0 +1,32 @@
+/**
+ * Bambda Script to Detect "101 Switching Protocols" in HTTP Response
+ @author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip)
+ It identifies if the HTTP response status line contains "101 Switching Protocols".
+ * Upon detection, responses are highlighted in red and notes are appended, if enabled.
+ **/
+
+boolean enableManualAnnotations = true;
+
+// Ensure there is a response
+if (!requestResponse.hasResponse()) {
+ return false;
+}
+
+boolean foundSwitchingProtocols = false;
+
+// Get the entire response as a string
+String response = requestResponse.response().toString();
+
+// Get the first line of the response
+String firstLine = response.split("\n")[0];
+
+// Check if the first line contains "101 Switching Protocols"
+if (firstLine.contains("101 Switching Protocols")) {
+ foundSwitchingProtocols = true;
+ if (enableManualAnnotations) {
+ requestResponse.annotations().setHighlightColor(HighlightColor.RED);
+ requestResponse.annotations().setNotes("Detected '101 Switching Protocols' in response");
+ }
+}
+
+return foundSwitchingProtocols;
From a529711a006dc3cabc1b52c3adf63656ca786e47 Mon Sep 17 00:00:00 2001
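Review bot: The check `firstLine.contains("101 Switching Protocols")` keys on the reason phrase instead of the status code, so a 101 response whose server sends a different or empty reason phrase is not flagged and the protocol upgrade goes unnoticed during review. Compare the code itself with `if (requestResponse.response().statusCode() == 101) {`, which also removes the need to serialise the whole response with `toString()` and split it just to read one line. Separately, `setNotes(...)` replaces any note an analyst has already written on the item, although the header comment says notes are appended; prepend the existing `requestResponse.annotations().notes()` value when it is non-empty. The `@author` and "It identifies" lines of the header comment are missing the leading ` * `.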
From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com>
Date: Fri, 5 Apr 2024 01:47:26 +0300
Subject: [PATCH 2/3] Create DetectServerNames.bambda
---
Proxy/HTTP/DetectServerNames.bambda | 52 +++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 Proxy/HTTP/DetectServerNames.bambda
diff --git a/Proxy/HTTP/DetectServerNames.bambda b/Proxy/HTTP/DetectServerNames.bambda
new file mode 100644
index 0000000..1f8a20d
--- /dev/null
+++ b/Proxy/HTTP/DetectServerNames.bambda
@@ -0,0 +1,52 @@
+/**
+ * Bambda Script to Detect Specific Server Names in HTTP Response
+@author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip)
+ It identifies if the 'Server' header of the HTTP response contains any of the specified server names.
+ * Upon detection, responses are highlighted in red and notes are appended, if enabled.
+ **/
+
+ boolean enableManualAnnotations = true;
+
+ // My list of server names to detect
+ List serverNames = Arrays.asList(
+ "awselb", "Kestrel", "Apache", "Nginx", "Microsoft-IIS", "LiteSpeed", "Google Frontend",
+ "GWS", "openresty", "IBM_HTTP_Server", "AmazonS3", "CloudFront", "AkamaiGHost", "Jetty",
+ "Tengine", "lighttpd", "AOLserver", "ATS", "Boa", "Caddy", "Cherokee", "Caudium", "Hiawatha",
+ "GlassFish", "H2O", "httpd", "Jigsaw", "LiteSpeed", "Mongrel", "NCSA HTTPd", "Netscape Enterprise",
+ "Oracle iPlanet", "Pound", "Resin", "thttpd", "Tornado", "Varnish", "WebObjects", "Xitami",
+ "Zope", "Werkzeug", "WebSTAR", "WebSEAL", "WebServerX", "WebtoB", "Squid", "Sun Java System Web Server",
+ "Sun ONE Web Server", "Stronghold", "Zeus Web Server", "Zope", "Roxen", "RapidLogic", "Pramati",
+ "Phusion Passenger", "Oracle Containers for J2EE", "Oracle-Application-Server-10g", "Oracle-Application-Server-11g",
+ "Nostromo", "Novell-HTTP-Server", "NaviServer", "MochiWeb", "Microsoft-HTTPAPI", "Mbedthis-Appweb",
+ "Lotus-Domino", "LiteSpeed", "Kangle", "Joost", "Jino", "IceWarp", "IBM_HTTP_Server", "GoAhead",
+ "Flywheel", "EdgePrism", "DMS", "Cowboy", "CommuniGatePro", "CompaqHTTPServer", "CERN", "CauchoResin",
+ "Caddy", "BarracudaHTTP", "BaseHTTP", "AllegroServe", "Abyss", "4D_WebSTAR_S", "4D_WebSTAR_D",
+ "Yaws", "WDaemon", "Virtuoso", "UserLand", "TUX", "TwistedWeb", "TwistedWeb", "Thin",
+ "Thttpd", "Tengine", "Swiki", "SurgeLDAP", "Sun-ONE-Web-Server", "Sun-ONE-Application-Server",
+ "Sucuri/Cloudproxy", "SSWS", "SWS", "SW", "srv", "squid", "Spamfire", "SOMA",
+ "Snap", "SmugMug", "SME Server", "Smart-4-Hosting",
"Sioux", "SilverStream", "Silk", "Siemens Gigaset WLAN Camera"
+);
+
+ // Ensure there is a response
+ if (!requestResponse.hasResponse()) {
+ return false;
+ }
+
+ boolean foundServerName = false;
+
+ // Get the entire response as a string
+ String response = requestResponse.response().toString();
+
+ // Check if the 'Server' header contains any of the specified server names
+ for (String serverName : serverNames) {
+ if (response.contains("Server: " + serverName)) {
+ foundServerName = true;
+ if (enableManualAnnotations) {
+ requestResponse.annotations().setHighlightColor(HighlightColor.RED);
+ requestResponse.annotations().setNotes("Detected '" + serverName + "' in 'Server' header");
+ }
+ break;
+ }
+ }
+
+ return foundServerName;
From 72e5c6053c6c53dd87c94f13121c4ffead72483f Mon Sep 17 00:00:00 2001
From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com>
Date: Fri, 5 Apr 2024 03:11:30 +0300
Subject: [PATCH 3/3] Create DetectDeprecatedHTMLTags.bambda
---
Proxy/HTTP/DetectDeprecatedHTMLTags.bambda | 50 ++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 Proxy/HTTP/DetectDeprecatedHTMLTags.bambda
diff --git a/Proxy/HTTP/DetectDeprecatedHTMLTags.bambda b/Proxy/HTTP/DetectDeprecatedHTMLTags.bambda
new file mode 100644
index 0000000..643b568
--- /dev/null
+++ b/Proxy/HTTP/DetectDeprecatedHTMLTags.bambda
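Review bot: `response.contains("Server: " + serverName)` searches the whole serialised response, not the Server header, so the same text in the body or at the end of another header name is reported as a banner, while a lowercase `server:` header name or a banner such as `nginx` (the list has `Nginx`) is missed because the match is case-sensitive. Read the header value directly, as the DetectDeprecatedHTMLTags script in this series already does for Content-Type: `String server = requestResponse.response().headerValue("Server");` followed by `if (server != null && server.toLowerCase().startsWith(serverName.toLowerCase())) {`. Short entries such as `SW`, `srv`, `ATS` and `Thin` still match as prefixes of unrelated banners, so comparing against the product token before the first `/` or space would make the note more trustworthy. The list also repeats several names (`LiteSpeed`, `Caddy`, `Zope`, `TwistedWeb`, `IBM_HTTP_Server`, `Tengine`), which can be dropped.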
@@ -0,0 +1,50 @@
+/**
+ * Bambda Script to Detect and Highlight Deprecated HTML Tags
+ * @author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip)
+ * This script identifies deprecated HTML tags in HTTP responses.
+ * Upon detection, responses are highlighted in red and notes are appended, if enabled.
+ **/
+
+boolean enableManualAnnotations = true;
+
+// Ensure there is a response
+if (!requestResponse.hasResponse()) {
+ return false;
+}
+
+// Get the Content-Type header of the response
+String contentType = requestResponse.response().headerValue("Content-Type");
+if (contentType == null || !contentType.toLowerCase().contains("text/html")) {
+ // Ignore responses without a Content-Type header of text/html; charset=utf-8
+ return false;
+}
+
+String responseBody = requestResponse.response().bodyToString();
+boolean foundDeprecatedHTML = false;
+StringBuilder notesBuilder = new StringBuilder();
+
+// Expanded list of common deprecated HTML tags and attributes
+List deprecatedHTML = Arrays.asList("applet", "basefont", "center", "dir", "font", "isindex", "menu", "strike", "u", "frame", "frameset", "marquee", "bgsound");
+
+for (String deprecatedTag : deprecatedHTML) {
+ Pattern pattern = Pattern.compile("<\\s*" + deprecatedTag + "(\\s|>).+?<\\/\\s*" + deprecatedTag + "\\s*>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
+ Matcher matcher = pattern.matcher(responseBody);
+ if (matcher.find()) {
+ foundDeprecatedHTML = true;
+ if (enableManualAnnotations) {
+ if (notesBuilder.length() > 0) {
+ notesBuilder.append(", ");
+ }
+ notesBuilder.append("Deprecated HTML detected: <").append(deprecatedTag).append(">");
+ }
+ }
+}
+
+if (foundDeprecatedHTML && enableManualAnnotations) {
+ requestResponse.annotations().setHighlightColor(HighlightColor.RED);
+ if (notesBuilder.length() > 0) {
+ requestResponse.annotations().setNotes(notesBuilder.toString());
+ }
+}
+
+return foundDeprecatedHTML;
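Review bot: The pattern built inside the `for` loop requires a closing tag and at least one character of content, so elements normally written without an end tag (`basefont`, `frame`, `isindex`, `bgsound`) and empty elements are never reported. The lazy `.+?` under `Pattern.DOTALL` also rescans the rest of the body from every opening tag that has no matching close, and since the body comes from the site being proxied, a large response can make the filter very slow. Matching the opening tag alone is sufficient here and bounded: `Pattern pattern = Pattern.compile("<\\s*" + deprecatedTag + "[\\s/>]", Pattern.CASE_INSENSITIVE);`. The comment on the Content-Type check mentions `text/html; charset=utf-8` although the code accepts any value containing `text/html`, and the list comment says "tags and attributes" while only tag names are checked.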