File tree Expand file tree Collapse file tree 2 files changed +51
-0
lines changed Expand file tree Collapse file tree 2 files changed +51
-0
lines changed Original file line number Diff line number Diff line change 77require 'API_Fuzzer/request'
88require 'API_Fuzzer/engine'
99require 'API_Fuzzer/xxe_check'
10+ require 'API_Fuzzer/redirect_check'
11+ require 'API_Fuzzer/idor_check'
1012
1113module API_Fuzzer
1214 # Scans all the checks
@@ -18,6 +20,8 @@ def self.scan(options = {})
1820 vulnerabilities << API_Fuzzer ::XssCheck . scan ( options )
1921 vulnerabilities << API_Fuzzer ::SqlCheck . scan ( options )
2022 vulnerabilities << API_Fuzzer ::SqlBlindCheck . scan ( options )
23+ vulnerabilities << API_Fuzzer ::RedirectCheck . scan ( options )
24+ vulnerabilities << API_Fuzzer ::IdorCheck . scan ( options )
2125 API_Fuzzer ::XxeCheck . scan ( options )
2226 vulnerabilities . uniq . flatten
2327 end
Original file line number Diff line number Diff line change 1+ require 'API_Fuzzer/vulnerability'
2+ require 'API_Fuzzer/error'
3+ require 'API_Fuzzer/request'
4+
5+ module API_Fuzzer
6+ class IdorCheck
7+ class << self
8+ def scan ( options = { } )
9+ @url = options [ :url ]
10+ @params = options [ :params ]
11+ @methods = options [ :method ]
12+ @cookies = options [ :cookies ]
13+ @vulnerabilities = [ ]
14+
15+ fuzz_without_session
16+ @vulnerabilities . uniq { |vuln | vuln . description }
17+ end
18+
19+ def fuzz_without_session
20+ @methods . each do |method |
21+ response = API_Fuzzer ::Request . send_api_request (
22+ url : @url ,
23+ params : @params ,
24+ method : method ,
25+ cookies : @cookies
26+ )
27+
28+ response_without_session = API_Fuzzer ::Request . send_api_request (
29+ url : @url ,
30+ params : @params ,
31+ method : method
32+ )
33+
34+ fuzz_match ( response , response_without_session , method )
35+ end
36+ end
37+
38+ def fuzz_match ( resp , resp_without_session , method )
39+ @vulnerabilities << API_Fuzzer ::Vulnerability . new (
40+ type : 'HIGH' ,
41+ value : "API doesn't have session protection" ,
42+ description : "Possible IDOR in #{ method } #{ @url }
43+ ) if resp . body . to_s == resp_without_session . body . to_s
44+ end
45+ end
46+ end
47+ end
You can’t perform that action at this time.
0 commit comments