Update README.md files

PortSwigger · May 7, 2024 · 4d61b3e · 4d61b3e
1 parent abeaea2
commit 4d61b3e
Show file tree

Hide file tree

Showing 2 changed files with 110 additions and 0 deletions.
diff --git a/CustomColumn/Proxy/HTTP/README.md b/CustomColumn/Proxy/HTTP/README.md
@@ -5,6 +5,21 @@ Please do not manually edit this file, or include any changes to this file in pu
 -->
 # Proxy HTTP Custom Column
 Documentation: [Adding a custom column](https://portswigger.net/burp/documentation/desktop/tools/proxy/http-history#adding-a-custom-column)
+## [DetectCORS.bambda](https://github.com/PortSwigger/bambdas/blob/main/CustomColumn/Proxy/HTTP/DetectCORS.bambda)
+### Check the CORS vulnerability
+#### Author: https://github.com/JaveleyQAQ/
+```java
+if (requestResponse.hasResponse() && requestResponse.request().hasHeader("Origin") && requestResponse.response().hasHeader("Access-Control-Allow-Origin"))
+{
+    var requestOrigin = requestResponse.request().headerValue("Origin");
+    var responseOrigin = requestResponse.response().headerValue("Access-Control-Allow-Origin");
+    return requestOrigin.equals(responseOrigin) ? Character.toString(0x2757).concat("CORS?") : responseOrigin;
+
+} else {
+    return "";
+}
+
+```
 ## [JWTAlgorithm.bambda](https://github.com/PortSwigger/bambdas/blob/main/CustomColumn/Proxy/HTTP/JWTAlgorithm.bambda)
 ### Extracts the JWT alg value from JWT session Cookies
 #### Author: trikster
@@ -27,6 +42,36 @@ var matcher = Pattern.compile(".+?\"alg\":\"(\\w+)\".+").matcher(headerJson.toSt
 
 return matcher.matches() ? matcher.group(1) : "";
 
+```
+## [Referer.bambda](https://github.com/PortSwigger/bambdas/blob/main/CustomColumn/Proxy/HTTP/Referer.bambda)
+### Extracts Referer request header.  Useful to identify sensitive data leakage via Referer header like OIDC authorization codes.
+#### Author: emanuelduss
+```java
+return requestResponse.request().hasHeader("Referer") ? requestResponse.request().headerValue("Referer") : "";
+
+```
+## [SOAPMethod.bambda](https://github.com/PortSwigger/bambdas/blob/main/CustomColumn/Proxy/HTTP/SOAPMethod.bambda)
+### Extracts the Method and an example value from a SOAP Request
+#### Author: Nick Coblentz (https://github.com/ncoblentz)
+```java
+if(requestResponse.request().hasHeader("Content-Type")
+    && requestResponse.request().headerValue("Content-Type").contains("soap+xml"))
+{
+    StringBuilder builder = new StringBuilder();
+    if(requestResponse.request().bodyToString().contains("<s:Body"))
+    {
+        Matcher m = Pattern.compile("<(?:[a-zA-Z0-9]+:)?Username>([^<]+)</(?:[a-zA-Z0-9]+:)*Username>|<(?:[a-zA-Z0-9]+:)*Body[^>]*><([^ ]+)",Pattern.CASE_INSENSITIVE).matcher(requestResponse.request().bodyToString());
+        while(m.find() && m.groupCount()>0) {
+            for(int i=1;i<=m.groupCount();i++) {
+                if(m.group(i)!=null)
+                    builder.append(m.group(i)+" ");
+            }
+        }
+        return builder.toString();
+    }
+}
+return "";
+
 ```
 ## [ServerHeader.bambda](https://github.com/PortSwigger/bambdas/blob/main/CustomColumn/Proxy/HTTP/ServerHeader.bambda)
 ### Extracts the value of the Server header from the response
@@ -37,3 +82,24 @@ return requestResponse.hasResponse() && requestResponse.response().hasHeader("Se
   : "";
 
 ```
+## [WCFBinarySOAPMethod.bambda](https://github.com/PortSwigger/bambdas/blob/main/CustomColumn/Proxy/HTTP/WCFBinarySOAPMethod.bambda)
+### Extracts the WCF SOAP Binary Method from the Request
+#### Author: Nick Coblentz (https://github.com/ncoblentz)
+```java
+if(requestResponse.request().hasHeader("Content-Type") && requestResponse.request().headerValue("Content-Type").equals("application/soap+msbin1")){
+    String body = requestResponse.request().bodyToString();
+    String prefix = "www.examplewebsite.com/xmlnamespace/";
+    int start = body.indexOf(prefix);
+    if(start>0)
+    {
+        int end = body.indexOf("@",start+prefix.length());
+        if(end>0)
+        {
+            return body.substring(start+prefix.length(), end);
+        }
+
+    }
+}
+return "";
+
+```
diff --git a/Filter/Proxy/HTTP/README.md b/Filter/Proxy/HTTP/README.md
@@ -42,6 +42,50 @@ return true;
 // Ensure there is a response and check if the status code is 101
 return requestResponse.hasResponse() && requestResponse.response().statusCode() == 101;
 
+```
+## [DetectServerNames.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/DetectServerNames.bambda)
+### Bambda Script to Detect Specific Server Names in HTTP Response
+#### Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip)
+```java
+// Configuration setting for manual annotations
+boolean enableManualAnnotations = true;
+
+Set<String> serverNames = Set.of(
+    "awselb", "Kestrel", "Apache", "Nginx", "Microsoft-IIS", "LiteSpeed", "Google Frontend",
+    "GWS", "openresty", "IBM_HTTP_Server", "AmazonS3", "CloudFront", "AkamaiGHost", "Jetty",
+    "Tengine", "lighttpd", "AOLserver", "ATS", "Boa", "Caddy", "Cherokee", "Caudium", "Hiawatha",
+    "GlassFish", "H2O", "httpd", "Jigsaw", "Mongrel", "NCSA HTTPd", "Netscape Enterprise",
+    "Oracle iPlanet", "Pound", "Resin", "thttpd", "Tornado", "Varnish", "WebObjects", "Xitami",
+    "Zope", "Werkzeug", "WebSTAR", "WebSEAL", "WebServerX", "WebtoB", "Squid", "Sun Java System Web Server",
+    "Sun ONE Web Server", "Stronghold", "Zeus Web Server", "Roxen", "RapidLogic", "Pramati",
+    "Phusion Passenger", "Oracle Containers for J2EE", "Oracle-Application-Server-10g", "Oracle-Application-Server-11g",
+    "Nostromo", "Novell-HTTP-Server", "NaviServer", "MochiWeb", "Microsoft-HTTPAPI", "Mbedthis-Appweb",
+    "Lotus-Domino", "Kangle", "Joost", "Jino", "IceWarp", "GoAhead",
+    "Flywheel", "EdgePrism", "DMS", "Cowboy", "CommuniGatePro", "CompaqHTTPServer", "CERN", "CauchoResin",
+    "BarracudaHTTP", "BaseHTTP", "AllegroServe", "Abyss", "4D_WebSTAR_S", "4D_WebSTAR_D",
+    "Yaws", "WDaemon", "Virtuoso", "UserLand", "TUX", "TwistedWeb", "Thin",
+    "Thttpd", "Swiki", "SurgeLDAP", "Sun-ONE-Web-Server", "Sun-ONE-Application-Server",
+    "Sucuri/Cloudproxy", "SSWS", "SWS", "SW", "srv", "squid", "Spamfire", "SOMA",
+    "Snap", "SmugMug", "SME Server", "Smart-4-Hosting", "Sioux", "SilverStream", "Silk", "Siemens Gigaset WLAN Camera"
+);
+
+// Ensure there is a response
+if (!requestResponse.hasResponse()) {
+    return false;
+}
+
+// Get the 'Server' header from the response
+String serverHeader = requestResponse.response().headerValue("Server");
+
+// Check if the 'Server' header value is in the set of server names
+boolean foundServerName = serverHeader != null && serverNames.contains(serverHeader);
+if (foundServerName && enableManualAnnotations) {
+    requestResponse.annotations().setHighlightColor(HighlightColor.RED);
+    requestResponse.annotations().setNotes("Detected '" + serverHeader + "' in 'Server' header");
+}
+
+return foundServerName;
+
 ```
 ## [DetectSuspiciousJSFunctions.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/DetectSuspiciousJSFunctions.bambda)
 ### Bambda Script to Detect and Highlight Suspicious JavaScript Functions