Improve origin check

jaeles-project · Nov 16, 2020 · cbae89f · cbae89f
1 parent 1d83cbe
commit cbae89f
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 2 deletions.
diff --git a/core/detecter.go b/core/detecter.go
@@ -39,6 +39,15 @@ func (r *Record) RequestScripts(scriptType string, scripts []string) bool {
 		return result
 	})
 
+	// Component get component content
+	vm.Set("Component", func(call otto.FunctionCall) otto.Value {
+		componentName := call.Argument(0).String()
+		content := GetComponent(record, componentName)
+		fmt.Println(content)
+		result, _ := vm.ToValue(true)
+		return result
+	})
+
 	vm.Set("PrintVarf", func(call otto.FunctionCall) otto.Value {
 		varName := call.Argument(0).String()
 		fmt.Println(record.Request.Target[varName])
@@ -512,8 +521,19 @@ func GetComponent(record Record, component string) string {
 	utils.DebugF("Get Component: %v", component)
 	switch component {
 	case "orequest":
+
 		return record.OriginReq.Beautify
-	case "oresponse":
+	case "oresheaders", "oheaders", "ohead", "oresheader":
+		beautifyHeader := fmt.Sprintf("%v \n", record.OriginRes.Status)
+		for _, header := range record.OriginRes.Headers {
+			for key, value := range header {
+				beautifyHeader += fmt.Sprintf("%v: %v\n", key, value)
+			}
+		}
+		return beautifyHeader
+	case "obody", "oresbody":
+		return record.OriginRes.Body
+	case "oresponse", "ores":
 		return record.OriginRes.Beautify
 	case "request":
 		return record.Request.Beautify
@@ -572,6 +592,7 @@ func RegexSearch(component string, analyzeString string) (string, bool) {
 		result = true
 		extra = strings.Join(matches, "\n")
 	}
+	utils.DebugF("Component: %v", component)
 	utils.DebugF("analyzeRegex: %v -- %v", analyzeString, result)
 	return extra, result
 }

diff --git a/core/runner.go b/core/runner.go
@@ -109,6 +109,9 @@ func (r *Runner) GetRequests() {
 			rec.Request.Target = r.Target
 			rec.Sign = r.Sign
 			rec.Opt = r.Opt
+			// assign origins here
+			rec.OriginReq = r.Origin.Request
+			rec.OriginRes = r.Origin.Response
 
 			r.Records = append(r.Records, rec)
 		}

diff --git a/libs/version.go b/libs/version.go
@@ -2,7 +2,7 @@ package libs
 
 const (
 	// VERSION current Jaeles version
-	VERSION = "beta v0.14.4"
+	VERSION = "beta v0.14.5"
 	// AUTHOR author of this
 	AUTHOR = "@j3ssiejjj"
 	// DOCS link to official documentation

diff --git a/test-signatures/with-origin.yaml b/test-signatures/with-origin.yaml
@@ -0,0 +1,34 @@
+id: sensitive-dotfile-01
+donce: true
+info:
+  name: Common Dot Secret Files (Without Extension)
+  risk: Potential
+  confidence: Tentative
+
+params:
+  - root: "{{.BaseURL}}"
+
+origin:
+  method: GET
+  redirect: false
+  headers:
+    - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
+  url: >-
+    {{.BaseURL}}/.hopefullyget404
+
+variables:
+  - secret: |
+      .7z
+      .DS_Store
+requests:
+  - method: GET
+    redirect: false
+    headers:
+      - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3984.0 Safari/537.36
+    url: >-
+      {{.root}}/{{.secret}}
+    detections:
+      # - >-
+        # StatusCode() == 200 && !RegexSearch("response", "(?i)(Oops!|Whoops!|AutodiscoverService|not\sfound|Request\sRejected|Access\sDenied|a\sbad\sURL|has\sbeen\slocked)") && (RegexSearch("resHeaders", ".*Content-Type:.*octet-stream") || RegexSearch("resHeaders", "text/plain")) && (Math.abs(ContentLength() - OriginContentLength()) > 100) && !RegexSearch("body", "(?i)(\<\!doctype|\<html|\<head|\<body)") && ContentLength('body') > 100 && !RegexSearch("oHeaders", "(?m)text/plain")
+      - >-
+        Component('obody') && Component('oHeaders') && Component('ores')