From 77830fb5ee171f2e3801f5a9ca02a11648fce0ac Mon Sep 17 00:00:00 2001
From: Bug Bounty Zip <133497067+BugBountyzip@users.noreply.github.com>
Date: Sun, 3 Dec 2023 19:42:17 +0300
Subject: [PATCH] Create OWASPTop25VulnerableParameters.bambda

This `.bambda` file serves as a filter for the Burp Suite tool, identifying HTTP requests with parameters listed in the OWASP Top 25 vulnerabilities. It's designed to help security professionals quickly pinpoint potentially risky parameters.
---
 .../OWASPTop25VulnerableParameters.bambda | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 Proxy/HTTP/OWASPTop25VulnerableParameters.bambda

diff --git a/Proxy/HTTP/OWASPTop25VulnerableParameters.bambda b/Proxy/HTTP/OWASPTop25VulnerableParameters.bambda
new file mode 100644
index 0000000..f675b6b
--- /dev/null
+++ b/Proxy/HTTP/OWASPTop25VulnerableParameters.bambda
@@ -0,0 +1,48 @@
+/**
+ * Filters Proxy HTTP history for requests with vulnerable parameters based on the OWASP Top 25
+ * Author: Tur24Tur
+ * GitHub: @BugBountyzip BugBountyzip (https://github.com/BugBountyzip)
+ **/
+
+// Lists of vulnerable parameters based on OWASP Top 25
+String[] ssrfParams = {"dest=", "redirect=", "uri=", "path=", "continue=", "url=", "window=", "next=", "data=", "reference=", "site=", "html=", "val=", "validate=", "domain=", "callback=", "return=", "page=", "feed=", "host=", "port=", "to=", "out=", "view=", "dir="};
+String[] sqlParams = {"id=", "page=", "report=", "dir=", "search=", "category=", "file=", "class", "url=", "news=", "item=", "menu=", "lang=", "name=", "ref=", "title=", "view=", "topic=", "thread=", "type=", "date=", "form=", "main=", "nav=", "region="};
+String[] xssParams = {"q=", "s=", "search=", "id=", "lang=", "keyword=", "query=", "page=", "keywords=", "year=", "view=", "email=", "type=", "name=", "p=", "month=", "image=", "list_type=", "url=", "terms=", "categoryid=", "key=", "l=", "begindate=", "enddate="};
+String[] lfiParams = {"cat=", "dir=", "action=", "board=", "date=", "detail=", "file=", "download=", "path", "folder=", "prefix=", "include=", "page=", "inc=", "locate=", "show=", "doc=", "site=", "type=", "view=", "content=", "document=", "layout=", "mod=", "conf="};
+String[] orParams = {"next=", "url=", "target=", "rurl=", "dest=", "destination=", "redir=", "redirect_uri", "redirect_url=", "redirect=", "out=", "view=", "to=", "image_url=", "go=", "return=", "returnTo=", "return_to=", "checkout_url=", "continue=", "return_path="};
+String[] rceParams = {"cmd=", "exec=", "command=", "execute=", "ping=", "query=", "jump=", "code", "reg=", "do=", "func=", "arg=", "option=", "load=", "process=", "step=", "read=", "feature=", "exe=", "module=", "payload=", "run=", "print="};
+
+
+// Main logic of the Bambda
+if (requestResponse.request().url() != null) {
+ String requestUrl = requestResponse.request().url();
+ String requestBody = requestResponse.request().bodyToString();
+
+// Consolidate all parameter lists into a single array for easier processing
+ String[][] allParams = {ssrfParams, sqlParams, xssParams, lfiParams, orParams, rceParams};
+
+// Extract the query string from the URL (if any)
+ int queryStart = requestUrl.indexOf("?");
+ String queryString = "";
+ if (queryStart != -1 && queryStart < requestUrl.length() - 1) {
+ queryString = requestUrl.substring(queryStart + 1);
+ }
+
+// Combine and split the query string and request body into individual parameters
+ String[] allInputParams = (queryString + "&" + requestBody).split("&");
+
+ // Check each parameter against the lists of vulnerable parameters
+ for (String inputParam : allInputParams) {
+ for (String[] paramArray : allParams) {
+ for (String param : paramArray) {
+ if (inputParam.startsWith(param)) {
+ return true;
+ }
+ }
+ }
+ }
+}
+
+return false;
+
+
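Review bot: Four list entries lack the trailing `=` that every other entry carries — `"class"` in sqlParams, `"path"` in lfiParams, `"redirect_uri"` in orParams and `"code"` in rceParams — so the `inputParam.startsWith(param)` check matches any parameter whose name merely begins with those strings (`classname=`, `pathinfo=`, `codec=`, …) while the rest of the lists only match exact names; changing them to `"class="`, `"path="`, `"redirect_uri="` and `"code="` makes the matching consistent. The comparison is also case-sensitive, so `ID=` or `Page=` never match, which may be intended but deserves a comment such as `// parameter names are matched case-sensitively`. The six arrays repeat many names (`page=`, `url=`, `view=`, `type=`) and the loop returns on the first hit, so the duplicates only cost time; collapsing them into a single set of names compared against the text before the first `=` would be clearer if the per-category split is not used elsewhere. Finally the body is split on `&` regardless of content type, so JSON or multipart bodies are never inspected — worth stating in the header comment.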