-
Notifications
You must be signed in to change notification settings - Fork 34
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create DetectSuspiciousJSFunctions.bambda
This script is designed to enhance security assessments by identifying potentially hazardous JavaScript functions in web applications. It meticulously scans HTTP responses with a Content-Type of application/javascript and flags responses containing functions like eval(), setTimeout(), and document.write().. The script highlights such responses in red, drawing immediate attention, and adds concise notes specifying the detected functions.
- Loading branch information
1 parent
f97407b
commit 8c88f9c
Showing
1 changed file
with
72 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| /** | ||
| * Bambda Script to Detect and Highlight Suspicious JavaScript Functions | ||
| * It identifies a range of suspicious JavaScript functions often associated with unsafe practices or vulnerabilities, such as 'eval()', 'setTimeout()', and 'document.write()'. | ||
| * Upon detection, responses are highlighted in red, and notes are appended to indicate the specific functions found. | ||
| * Author: Tur24Tur | ||
| * GitHub: @BugBountyzip (https://github.com/BugBountyzip) | ||
| **/ | ||
|
|
||
| boolean manualColorHighlightEnabled = true; | ||
|
|
||
| // Ensure there is a response and it is not null | ||
| if (!requestResponse.hasResponse() || requestResponse.response() == null) { | ||
| return false; | ||
| } | ||
|
|
||
| // Check the Content-Type header | ||
| String contentType = requestResponse.response().headerValue("Content-Type"); | ||
| if (contentType == null || !contentType.toLowerCase().contains("application/javascript")) { | ||
| return false; | ||
| } | ||
|
|
||
| String responseBody = requestResponse.response().bodyToString(); | ||
| boolean foundSuspiciousFunction = false; | ||
| StringBuilder notesBuilder = new StringBuilder(); | ||
|
|
||
| // Expanded list of suspicious JavaScript functions | ||
| String[] suspiciousFunctions = { | ||
| "eval\\(", // Executes a string as code | ||
| "setTimeout\\(", // Can execute strings as code if used improperly | ||
| "setInterval\\(", // Similar to setTimeout, can execute strings as code | ||
| "document\\.write\\(", // Can overwrite entire document | ||
| "innerHTML", // Can introduce XSS vulnerabilities if used with untrusted content | ||
| "document\\.createElement\\(", // Safe, but part of dynamic content generation which can be risky | ||
| "document\\.execCommand\\(", // Deprecated, was used to execute certain commands | ||
| "document\\.domain", // Altering the document.domain can be risky | ||
| "window\\.location\\.href", // Can be used for redirects which might be used in phishing | ||
| "document\\.cookie", // Accessing cookies can be sensitive | ||
| "document\\.URL", // Can be used to extract URL information | ||
| "document\\.referrer", // Can be used to check where the request came from | ||
| "window\\.open\\(", // Opening a new window or tab, potential for misuse | ||
| "document\\.body\\.innerHTML", // Specific case of innerHTML, also risky | ||
| "element\\.setAttribute\\(", // If used improperly, can set risky attributes like 'onclick' | ||
| "element\\.outerHTML", // Similar risks to innerHTML | ||
| "XMLHttpRequest\\(", // Can be used for sending/receiving data, potential for misuse | ||
| "fetch\\(", // Modern way to make network requests, potential for misuse | ||
| "navigator\\.sendBeacon\\(" // Used to send analytics and tracking data | ||
| }; | ||
|
|
||
| for (String function : suspiciousFunctions) { | ||
| Pattern pattern = Pattern.compile(function); | ||
| Matcher matcher = pattern.matcher(responseBody); | ||
| if (matcher.find()) { | ||
| foundSuspiciousFunction = true; | ||
| if (manualColorHighlightEnabled) { | ||
| // Append detected functions to notes | ||
| if (notesBuilder.length() > 0) { | ||
| notesBuilder.append(", "); | ||
| } | ||
| notesBuilder.append(function.split("\\\\")[0]); // Include only the function name in the note | ||
| } | ||
| } | ||
| } | ||
|
|
||
| if (foundSuspiciousFunction) { | ||
| // Set the highlight color to RED and add notes | ||
| requestResponse.annotations().setHighlightColor(HighlightColor.RED); | ||
| if (manualColorHighlightEnabled && notesBuilder.length() > 0) { | ||
| requestResponse.annotations().setNotes("Suspicious JS functions detected: " + notesBuilder.toString()); | ||
| } | ||
| } | ||
|
|
||
| return foundSuspiciousFunction; |