From 8c9a06d8df5fe45e2078e11c5fb460de66c3f04c Mon Sep 17 00:00:00 2001
From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com>
Date: Fri, 5 Apr 2024 01:35:45 +0300
Subject: [PATCH 1/5] Create Detect101SwitchingProtocols.bambda
---
 Proxy/HTTP/Detect101SwitchingProtocols.bambda | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 Proxy/HTTP/Detect101SwitchingProtocols.bambda
diff --git a/Proxy/HTTP/Detect101SwitchingProtocols.bambda b/Proxy/HTTP/Detect101SwitchingProtocols.bambda
new file mode 100644
index 0000000..b89de11
--- /dev/null
+++ b/Proxy/HTTP/Detect101SwitchingProtocols.bambda
@@ -0,0 +1,32 @@
+/**
+ * Bambda Script to Detect "101 Switching Protocols" in HTTP Response
+ @author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip)
+ It identifies if the HTTP response status line contains "101 Switching Protocols".
+ * Upon detection, responses are highlighted in red and notes are appended, if enabled.
+ **/
+
+boolean enableManualAnnotations = true;
+
+// Ensure there is a response
+if (!requestResponse.hasResponse()) {
+ return false;
+}
+
+boolean foundSwitchingProtocols = false;
+
+// Get the entire response as a string
+String response = requestResponse.response().toString();
+
+// Get the first line of the response
+String firstLine = response.split("\n")[0];
+
+// Check if the first line contains "101 Switching Protocols"
+if (firstLine.contains("101 Switching Protocols")) {
+ foundSwitchingProtocols = true;
+ if (enableManualAnnotations) {
+ requestResponse.annotations().setHighlightColor(HighlightColor.RED);
+ requestResponse.annotations().setNotes("Detected '101 Switching Protocols' in response");
+ }
+}
+
+return foundSwitchingProtocols;
From a529711a006dc3cabc1b52c3adf63656ca786e47 Mon Sep 17 00:00:00 2001
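Review bot: In patch 1/5 (Detect101SwitchingProtocols.bambda) the header comment says notes are appended, but `requestResponse.annotations().setNotes(...)` sets the note rather than adding to it, and `enableManualAnnotations = true` is the default, so applying this filter can replace highlights and notes an analyst already put on matching items. Defaulting the flag to `false`, or guarding the block with `if (enableManualAnnotations && !requestResponse.annotations().hasNotes())`, keeps a display filter from rewriting triage state, and the comment should then describe what actually happens. The same annotation block appears in Proxy/HTTP/DetectServerNames.bambda in patch 2/5.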
From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com>
Date: Fri, 5 Apr 2024 01:47:26 +0300
Subject: [PATCH 2/5] Create DetectServerNames.bambda
---
 Proxy/HTTP/DetectServerNames.bambda | 52 +++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 Proxy/HTTP/DetectServerNames.bambda
diff --git a/Proxy/HTTP/DetectServerNames.bambda b/Proxy/HTTP/DetectServerNames.bambda
new file mode 100644
index 0000000..1f8a20d
--- /dev/null
+++ b/Proxy/HTTP/DetectServerNames.bambda
@@ -0,0 +1,52 @@
+/**
+ * Bambda Script to Detect Specific Server Names in HTTP Response
+@author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip)
+ It identifies if the 'Server' header of the HTTP response contains any of the specified server names.
+ * Upon detection, responses are highlighted in red and notes are appended, if enabled.
+ **/
+
+ boolean enableManualAnnotations = true;
+
+ // My list of server names to detect
+ List serverNames = Arrays.asList(
+ "awselb", "Kestrel", "Apache", "Nginx", "Microsoft-IIS", "LiteSpeed", "Google Frontend",
+ "GWS", "openresty", "IBM_HTTP_Server", "AmazonS3", "CloudFront", "AkamaiGHost", "Jetty",
+ "Tengine", "lighttpd", "AOLserver", "ATS", "Boa", "Caddy", "Cherokee", "Caudium", "Hiawatha",
+ "GlassFish", "H2O", "httpd", "Jigsaw", "LiteSpeed", "Mongrel", "NCSA HTTPd", "Netscape Enterprise",
+ "Oracle iPlanet", "Pound", "Resin", "thttpd", "Tornado", "Varnish", "WebObjects", "Xitami",
+ "Zope", "Werkzeug", "WebSTAR", "WebSEAL", "WebServerX", "WebtoB", "Squid", "Sun Java System Web Server",
+ "Sun ONE Web Server", "Stronghold", "Zeus Web Server", "Zope", "Roxen", "RapidLogic", "Pramati",
+ "Phusion Passenger", "Oracle Containers for J2EE", "Oracle-Application-Server-10g", "Oracle-Application-Server-11g",
+ "Nostromo", "Novell-HTTP-Server", "NaviServer", "MochiWeb", "Microsoft-HTTPAPI", "Mbedthis-Appweb",
+ "Lotus-Domino", "LiteSpeed", "Kangle", "Joost", "Jino", "IceWarp", "IBM_HTTP_Server", "GoAhead",
+ "Flywheel", "EdgePrism", "DMS", "Cowboy", "CommuniGatePro", "CompaqHTTPServer", "CERN", "CauchoResin",
+ "Caddy", "BarracudaHTTP", "BaseHTTP", "AllegroServe", "Abyss", "4D_WebSTAR_S", "4D_WebSTAR_D",
+ "Yaws", "WDaemon", "Virtuoso", "UserLand", "TUX", "TwistedWeb", "TwistedWeb", "Thin",
+ "Thttpd", "Tengine", "Swiki", "SurgeLDAP", "Sun-ONE-Web-Server", "Sun-ONE-Application-Server",
+ "Sucuri/Cloudproxy", "SSWS", "SWS", "SW", "srv", "squid", "Spamfire", "SOMA",
+ "Snap", "SmugMug", "SME Server", "Smart-4-Hosting",
"Sioux", "SilverStream", "Silk", "Siemens Gigaset WLAN Camera" +); + + // Ensure there is a response + if (!requestResponse.hasResponse()) { + return false; + } + + boolean foundServerName = false; + + // Get the entire response as a string + String response = requestResponse.response().toString(); + + // Check if the 'Server' header contains any of the specified server names + for (String serverName : serverNames) { + if (response.contains("Server: " + serverName)) { + foundServerName = true; + if (enableManualAnnotations) { + requestResponse.annotations().setHighlightColor(HighlightColor.RED); + requestResponse.annotations().setNotes("Detected '" + serverName + "' in 'Server' header"); + } + break; + } + } + + return foundServerName; From 65f7a08c2fa8bd23fd398d7dac7839c14fc1de25 Mon Sep 17 00:00:00 2001 From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com> Date: Fri, 5 Apr 2024 18:20:01 +0300 Subject: [PATCH 3/5] Update Detect101SwitchingProtocols.bambda --- Proxy/HTTP/Detect101SwitchingProtocols.bambda | 32 +++---------------- 1 file changed, 4 insertions(+), 28 deletions(-) diff --git a/Proxy/HTTP/Detect101SwitchingProtocols.bambda b/Proxy/HTTP/Detect101SwitchingProtocols.bambda index b89de11..f1e33e5 100644 --- a/Proxy/HTTP/Detect101SwitchingProtocols.bambda +++ b/Proxy/HTTP/Detect101SwitchingProtocols.bambda 
@@ -1,32 +1,8 @@ /** * Bambda Script to Detect "101 Switching Protocols" in HTTP Response - @author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) - It identifies if the HTTP response status line contains "101 Switching Protocols". - * Upon detection, responses are highlighted in red and notes are appended, if enabled. + * @author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) + * It identifies if the HTTP response status code is 101 (Switching Protocols). **/ -boolean enableManualAnnotations = true; - -// Ensure there is a response -if (!requestResponse.hasResponse()) { - return false; -} - -boolean foundSwitchingProtocols = false; - -// Get the entire response as a string -String response = requestResponse.response().toString(); - -// Get the first line of the response -String firstLine = response.split("\n")[0]; - -// Check if the first line contains "101 Switching Protocols" -if (firstLine.contains("101 Switching Protocols")) { - foundSwitchingProtocols = true; - if (enableManualAnnotations) { - requestResponse.annotations().setHighlightColor(HighlightColor.RED); - requestResponse.annotations().setNotes("Detected '101 Switching Protocols' in response"); - } -} - -return foundSwitchingProtocols; +// Ensure there is a response and check if the status code is 101 +return requestResponse.hasResponse() && requestResponse.response().statusCode() == 101; From 7f751b54ac533a692cc2d5ec57b0b03a2b6fad4e Mon Sep 17 00:00:00 2001 From: Hannah-PortSwigger <58562826+Hannah-PortSwigger@users.noreply.github.com> Date: Mon, 8 Apr 2024 10:22:11 +0100 Subject: [PATCH 4/5] Remove DetectServerNames.bambda --- Proxy/HTTP/DetectServerNames.bambda | 52 ----------------------------- 1 file changed, 52 deletions(-) delete mode 100644 Proxy/HTTP/DetectServerNames.bambda diff --git a/Proxy/HTTP/DetectServerNames.bambda b/Proxy/HTTP/DetectServerNames.bambda deleted file mode 100644 index 1f8a20d..0000000 --- a/Proxy/HTTP/DetectServerNames.bambda +++ /dev/null 
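Review bot: In the header comment added by patch 3/5 the description line sits after `@author`, so Javadoc-style tooling reads "It identifies if the HTTP response status code is 101 (Switching Protocols)." as part of the author tag; the summary should come first and the tag last. The comment could also say why the filter is useful, for example ` * Shows only responses with status 101 (Switching Protocols), i.e. accepted protocol upgrades such as WebSocket handshakes.` placed above ` * @author ...`.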
@@ -1,52 +0,0 @@
-/**
- * Bambda Script to Detect Specific Server Names in HTTP Response
-@author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip)
- It identifies if the 'Server' header of the HTTP response contains any of the specified server names.
- * Upon detection, responses are highlighted in red and notes are appended, if enabled.
- **/
-
- boolean enableManualAnnotations = true;
-
- // My list of server names to detect
- List serverNames = Arrays.asList(
- "awselb", "Kestrel", "Apache", "Nginx", "Microsoft-IIS", "LiteSpeed", "Google Frontend",
- "GWS", "openresty", "IBM_HTTP_Server", "AmazonS3", "CloudFront", "AkamaiGHost", "Jetty",
- "Tengine", "lighttpd", "AOLserver", "ATS", "Boa", "Caddy", "Cherokee", "Caudium", "Hiawatha",
- "GlassFish", "H2O", "httpd", "Jigsaw", "LiteSpeed", "Mongrel", "NCSA HTTPd", "Netscape Enterprise",
- "Oracle iPlanet", "Pound", "Resin", "thttpd", "Tornado", "Varnish", "WebObjects", "Xitami",
- "Zope", "Werkzeug", "WebSTAR", "WebSEAL", "WebServerX", "WebtoB", "Squid", "Sun Java System Web Server",
- "Sun ONE Web Server", "Stronghold", "Zeus Web Server", "Zope", "Roxen", "RapidLogic", "Pramati",
- "Phusion Passenger", "Oracle Containers for J2EE", "Oracle-Application-Server-10g", "Oracle-Application-Server-11g",
- "Nostromo", "Novell-HTTP-Server", "NaviServer", "MochiWeb", "Microsoft-HTTPAPI", "Mbedthis-Appweb",
- "Lotus-Domino", "LiteSpeed", "Kangle", "Joost", "Jino", "IceWarp", "IBM_HTTP_Server", "GoAhead",
- "Flywheel", "EdgePrism", "DMS", "Cowboy", "CommuniGatePro", "CompaqHTTPServer", "CERN", "CauchoResin",
- "Caddy", "BarracudaHTTP", "BaseHTTP", "AllegroServe", "Abyss", "4D_WebSTAR_S", "4D_WebSTAR_D",
- "Yaws", "WDaemon", "Virtuoso", "UserLand", "TUX", "TwistedWeb", "TwistedWeb", "Thin",
- "Thttpd", "Tengine", "Swiki", "SurgeLDAP", "Sun-ONE-Web-Server", "Sun-ONE-Application-Server",
- "Sucuri/Cloudproxy", "SSWS", "SWS", "SW", "srv", "squid", "Spamfire", "SOMA",
- "Snap", "SmugMug", "SME Server", "Smart-4-Hosting",
"Sioux", "SilverStream", "Silk", "Siemens Gigaset WLAN Camera" -); - - // Ensure there is a response - if (!requestResponse.hasResponse()) { - return false; - } - - boolean foundServerName = false; - - // Get the entire response as a string - String response = requestResponse.response().toString(); - - // Check if the 'Server' header contains any of the specified server names - for (String serverName : serverNames) { - if (response.contains("Server: " + serverName)) { - foundServerName = true; - if (enableManualAnnotations) { - requestResponse.annotations().setHighlightColor(HighlightColor.RED); - requestResponse.annotations().setNotes("Detected '" + serverName + "' in 'Server' header"); - } - break; - } - } - - return foundServerName; From c14903d23b2b4917db4dace3fd8843b3ab47658c Mon Sep 17 00:00:00 2001 From: ps-porpoise <152162390+ps-porpoise@users.noreply.github.com> Date: Mon, 8 Apr 2024 10:27:33 +0100 Subject: [PATCH 5/5] Move 101 status code bambda to new filter directory. --- {Proxy => Filter/Proxy}/HTTP/Detect101SwitchingProtocols.bambda | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {Proxy => Filter/Proxy}/HTTP/Detect101SwitchingProtocols.bambda (100%) diff --git a/Proxy/HTTP/Detect101SwitchingProtocols.bambda b/Filter/Proxy/HTTP/Detect101SwitchingProtocols.bambda similarity index 100% rename from Proxy/HTTP/Detect101SwitchingProtocols.bambda rename to Filter/Proxy/HTTP/Detect101SwitchingProtocols.bambda