0.4.36: erased logical flaw

Hackmanit · Aug 13, 2021 · 7b3608d · 7b3608d
1 parent f32d7e0
commit 7b3608d
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 151 deletions.
diff --git a/pkg/config.go b/pkg/config.go
@@ -78,10 +78,9 @@ type (
 		//HitMissVerbose bool
 		//HitMissTime    bool
 
-		NoCache             bool
-		Indicator           string
-		TimeIndicator       bool
-		ReflectionIndicator bool
+		NoCache       bool
+		Indicator     string
+		TimeIndicator bool
 	}
 )
 

diff --git a/pkg/recon.go b/pkg/recon.go
@@ -222,7 +222,7 @@ func CheckCache(stat string) (CacheStruct, []error) {
 		}
 	}
 
-	if cache.Indicator == "" && !cache.TimeIndicator && !cache.ReflectionIndicator {
+	if cache.Indicator == "" && !cache.TimeIndicator {
 		msg := "No cache indicator could be found"
 		Print(msg+"\n", Yellow)
 		errSlice = append(errSlice, errors.New(strings.ToLower(msg)))
@@ -243,7 +243,7 @@ func CheckCache(stat string) (CacheStruct, []error) {
 		}
 	}
 
-	if (!cache.CBwasFound || (cache.Indicator == "" && !cache.TimeIndicator && !cache.ReflectionIndicator)) && !Config.Force {
+	if (!cache.CBwasFound || (cache.Indicator == "" && !cache.TimeIndicator)) && !Config.Force {
 		msg := "Use -f/-force to force the test\n"
 		Print(msg, Yellow)
 	}
@@ -340,11 +340,9 @@ func cachebusterCookie(cache *CacheStruct) []error {
 		var times []int64
 
 		if cache.Indicator == "" {
-			// No Cache Indicator was found. So time and reflection will be used as Indicator
+			// No Cache Indicator was found. So time will be used as Indicator
 			var newCookie http.Cookie
-			// random number, so it doesnt fullfill reflected check if first request fails
-			cb := randInt()
-			boolContinue := false
+			var cb string
 			for ii := 0; ii < 5*2; ii++ {
 				weburl := Config.Website.Url.String()
 				if Config.DoPost {
@@ -379,44 +377,14 @@ func cachebusterCookie(cache *CacheStruct) []error {
 				}
 				defer resp.Body.Close()
 
-				if ii%2 == 1 && !boolContinue {
-					//check if cachebuster is reflected in second response
-					body, err := ioutil.ReadAll(resp.Body)
-					if err != nil {
-						msg := errorString + err.Error()
-						Print(msg+"\n", Red)
-						errSlice = append(errSlice, errors.New(msg))
-					}
-					if searchBodyHeadersForString(cb, string(body), resp.Header) {
-						cache.ReflectionIndicator = true
-						cache.TimeIndicator = false
-						cache.CBwasFound = true
-						cache.CBisCookie = true
-						cache.CBisHTTPMethod = false
-						cache.CBisHeader = false
-						cache.CBisParameter = false
-						cache.CBName = Config.Website.Cookies[i].Name
-						addHitMissIndicatorMap("reflection")
-						addCachebusterMap("c:" + Config.Website.Cookies[i].Name)
-
-						msg := fmt.Sprintf("%s was successful (Cookie, reflection was used as indicator)\n", identifier)
-						Print(msg, Blue)
-
-						boolContinue = true
-					}
-				}
-
 				if resp.StatusCode != Config.Website.StatusCode {
 					msg := errorString + fmt.Sprintf("Unexpected Status Code %d\n", resp.StatusCode)
 					Print(msg, Yellow)
 				}
 			}
 			msg := fmt.Sprintf("measured times: %d\n", times)
 			Print(msg, NoColor)
-			if boolContinue {
-				cbFoundDifference(times, identifier)
-				continue
-			}
+
 			skip := false
 			for ii := range times {
 				// Cache miss has to take 30ms (misshitdif) longer than cache hit
@@ -430,7 +398,6 @@ func cachebusterCookie(cache *CacheStruct) []error {
 			if skip {
 				continue
 			}
-			cache.ReflectionIndicator = false
 			cache.TimeIndicator = true
 			cache.CBwasFound = true
 			cache.CBisCookie = true
@@ -557,17 +524,6 @@ func cachebusterCookie(cache *CacheStruct) []error {
 					Print(msg, Blue)
 
 					cbFoundDifference(times, identifier)
-
-					body, err := ioutil.ReadAll(resp.Body)
-					if err != nil {
-						msg = errorString + err.Error()
-						Print(msg+"\n", Red)
-						errSlice = append(errSlice, errors.New(msg))
-					}
-					if searchBodyHeadersForString(cb, string(body), resp.Header) {
-						addHitMissIndicatorMap("reflection")
-					}
-
 					continue
 				}
 			}
@@ -592,10 +548,8 @@ func cachebusterHeader(cache *CacheStruct) []error {
 		var times []int64
 
 		if cache.Indicator == "" {
-			// No Cache Indicator was found. So time and reflection will be used as Indicator
-			// random number, so it doesnt fullfill reflected check if first request fails
-			cb := randInt()
-			boolContinue := false
+			// No Cache Indicator was found. So time will be used as Indicator
+			var cb string
 			for ii := 0; ii < 5*2; ii++ {
 				weburl := Config.Website.Url.String()
 				if Config.DoPost {
@@ -633,44 +587,14 @@ func cachebusterHeader(cache *CacheStruct) []error {
 				}
 				defer resp.Body.Close()
 
-				if ii%2 == 1 && !boolContinue {
-					//check if cachebuster is reflected in second response
-					body, err := ioutil.ReadAll(resp.Body)
-					if err != nil {
-						msg := errorString + err.Error()
-						Print(msg+"\n", Red)
-						errSlice = append(errSlice, errors.New(msg))
-					}
-					if searchBodyHeadersForString(cb, string(body), resp.Header) {
-						cache.ReflectionIndicator = true
-						cache.TimeIndicator = false
-						cache.CBwasFound = true
-						cache.CBisHeader = true
-						cache.CBisCookie = false
-						cache.CBisHTTPMethod = false
-						cache.CBisParameter = false
-						cache.CBName = header
-						addHitMissIndicatorMap("reflection")
-						addCachebusterMap(header)
-
-						msg := fmt.Sprintf("%s was successful (Header, reflection was used as indicator)\n", identifier)
-						Print(msg, Blue)
-
-						boolContinue = true
-					}
-				}
-
 				if resp.StatusCode != Config.Website.StatusCode {
 					msg := errorString + fmt.Sprintf("Unexpected Status Code %d\n", resp.StatusCode)
 					Print(msg, Yellow)
 				}
 			}
 			msg := fmt.Sprintf("measured times: %d\n", times)
 			Print(msg, NoColor)
-			if boolContinue {
-				cbFoundDifference(times, identifier)
-				continue
-			}
+
 			skip := false
 			for ii := range times {
 				// Cache miss has to take 30ms (misshitdif) longer than cache hit
@@ -685,7 +609,6 @@ func cachebusterHeader(cache *CacheStruct) []error {
 				continue
 			}
 
-			cache.ReflectionIndicator = false
 			cache.TimeIndicator = true
 			cache.CBwasFound = true
 			cache.CBisHeader = true
@@ -818,17 +741,6 @@ func cachebusterHeader(cache *CacheStruct) []error {
 					Print(msg, Blue)
 
 					cbFoundDifference(times, identifier)
-
-					body, err := ioutil.ReadAll(resp.Body)
-					if err != nil {
-						msg = errorString + err.Error()
-						Print(msg+"\n", Red)
-						errSlice = append(errSlice, errors.New(msg))
-					}
-					if searchBodyHeadersForString(cb, string(body), resp.Header) {
-						addHitMissIndicatorMap("reflection")
-					}
-
 					continue
 				}
 			}
@@ -846,14 +758,11 @@ func cachebusterParameter(cache *CacheStruct) error {
 	var times []int64
 
 	if cache.Indicator == "" {
-		// No Cache Indicator was found. So time and reflection will be used as Indicator
+		// No Cache Indicator was found. So time will be used as Indicator
 		var urlCb string
-		// random number, so it doesnt fullfill reflected check if first request fails
-		cb := randInt()
-		boolReturn := false
 		for i := 0; i < 5*2; i++ {
 			if i%2 == 0 {
-				urlCb, cb = addCachebusterParameter(Config.Website.Url.String(), "")
+				urlCb, _ = addCachebusterParameter(Config.Website.Url.String(), "")
 			}
 			if Config.DoPost {
 				req, err = http.NewRequest("POST", urlCb, bytes.NewBufferString(Config.Body))
@@ -880,33 +789,6 @@ func cachebusterParameter(cache *CacheStruct) error {
 			}
 			defer resp.Body.Close()
 
-			if i%2 == 1 && !boolReturn {
-				//check if cachebuster is reflected in second response
-				body, err := ioutil.ReadAll(resp.Body)
-				if err != nil {
-					msg := errorString + err.Error()
-					Print(msg+"\n", Red)
-					return errors.New(msg)
-				}
-				if searchBodyHeadersForString(cb, string(body), resp.Header) {
-					cache.ReflectionIndicator = true
-					cache.TimeIndicator = false
-					cache.CBwasFound = true
-					cache.CBisParameter = true
-					cache.CBisHeader = false
-					cache.CBisCookie = false
-					cache.CBisHTTPMethod = false
-					cache.CBName = Config.CacheBuster
-					addHitMissIndicatorMap("reflection")
-					addCachebusterMap(Config.CacheBuster)
-
-					msg := fmt.Sprintf("%s was successful (Parameter, reflection was used as indicator)\n", identifier)
-					Print(msg, Blue)
-
-					boolReturn = true
-				}
-			}
-
 			if resp.StatusCode != Config.Website.StatusCode {
 				msg := errorString + fmt.Sprintf("Unexpected Status Code %d\n", resp.StatusCode)
 				Print(msg, Yellow)
@@ -915,11 +797,6 @@ func cachebusterParameter(cache *CacheStruct) error {
 		msg := fmt.Sprintf("measured times: %d\n", times)
 		Print(msg, NoColor)
 
-		if boolReturn {
-			cbFoundDifference(times, identifier)
-			return nil
-		}
-
 		for i := range times {
 			// Cache miss has to take 30ms (misshitdif) longer than cache hit
 			if i%2 == 1 && times[i-1]-times[i] < misshitdif {
@@ -928,7 +805,6 @@ func cachebusterParameter(cache *CacheStruct) error {
 				return nil
 			}
 		}
-		cache.ReflectionIndicator = false
 		cache.TimeIndicator = true
 		cache.CBwasFound = true
 		cache.CBisParameter = true
@@ -982,7 +858,7 @@ func cachebusterParameter(cache *CacheStruct) error {
 			msg := fmt.Sprintf("%s was not successful (Parameter)\n", identifier)
 			Print(msg, NoColor)
 		} else {
-			urlCb, cb := addCachebusterParameter(Config.Website.Url.String(), "")
+			urlCb, _ := addCachebusterParameter(Config.Website.Url.String(), "")
 
 			if Config.DoPost {
 				req, err = http.NewRequest("POST", urlCb, bytes.NewBufferString(Config.Body))
@@ -1042,16 +918,6 @@ func cachebusterParameter(cache *CacheStruct) error {
 				Print(msg, Blue)
 
 				cbFoundDifference(times, identifier)
-
-				body, err := ioutil.ReadAll(resp.Body)
-				if err != nil {
-					msg = errorString + err.Error()
-					Print(msg+"\n", Red)
-					return errors.New(msg)
-				}
-				if searchBodyHeadersForString(cb, string(body), resp.Header) {
-					addHitMissIndicatorMap("reflection")
-				}
 			}
 		}
 	}
@@ -1073,7 +939,7 @@ func cachebusterHTTPMethod(cache *CacheStruct) []error {
 		var times []int64
 
 		if cache.Indicator == "" {
-			// No Cache Indicator was found. So time and reflection will be used as Indicator
+			// No Cache Indicator was found. So time will be used as Indicator
 			skip := false
 			for ii := 0; ii < 5*2; ii++ {
 				weburl := Config.Website.Url.String()

diff --git a/web-cache-vulnerability-scanner.go b/web-cache-vulnerability-scanner.go
@@ -37,7 +37,7 @@ $Env:GOOS = "linux"; $Env:GOARCH = "amd64"; go build
 $Env:GOOS = ""; $Env:GOARCH = ""; go build
 */
 
-const version = "0.4.35"
+const version = "0.4.36"
 
 var (
 	currentDate      string