()
| 1570 | cprintc("Scanning mode completed: review the above results.\n", "magenta") |
| 1571 | |
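def scanModeCommonClaims():
    """Run the "Common Claim Injection" scan.

    Reads the header-name wordlist (config['input']['commonHeaders']) and the
    payload-claim wordlist (config['input']['commonPayloads']) and, for every
    entry, calls injectExternalInteractionHeader / injectExternalInteractionPayload
    with the configured HTTP listener URL plus the "/inject_common_" suffix.
    It then calls injectCommonClaims once for each of five values of different
    types (None, True, False, a string and 0).

    Every non-blank wordlist line is processed. The earlier readline() loop
    stopped at the first blank line, so entries after it were never tested
    while the banner still reported the scan as completed.

    Raises:
        KeyError: if a required key is missing from ``config``.
        OSError: if either wordlist file cannot be opened.
    """
    cprintc("\nLAUNCHING SCAN: Common Claim Injection", "magenta")
    # Inject external URLs into common claims
    # NOTE(review): assumes config['services']['httplistener'] holds a listener
    # URL under the tester's control; confirm it is set before relying on results.
    listenerBase = config['services']['httplistener'] + "/inject_common_"
    with open(config['input']['commonHeaders'], "r", encoding='utf-8', errors='ignore') as commonHeaders:
        for rawHeader in commonHeaders:
            nextHeader = rawHeader.rstrip()
            if not nextHeader:
                # A blank line is a separator, not the end of the wordlist.
                continue
            injectExternalInteractionHeader(listenerBase, nextHeader)
    with open(config['input']['commonPayloads'], "r", encoding='utf-8', errors='ignore') as commonPayloads:
        for rawPayload in commonPayloads:
            nextPayload = rawPayload.rstrip()
            if not nextPayload:
                # A blank line is a separator, not the end of the wordlist.
                continue
            injectExternalInteractionPayload(listenerBase, nextPayload)
    # Inject dangerous content-types into common claims
    # One call per value type: null, both booleans, a string and an integer.
    for contentVal in (None, True, False, "jwt_tool", 0):
        injectCommonClaims(contentVal)

    cprintc("Scanning mode completed: review the above results.\n", "magenta")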
| 1593 | |
| 1594 | def injectCommonClaims(contentVal): |
| 1595 | with open(config['input']['commonHeaders'], "r", encoding='utf-8', errors='ignore') as commonHeaders: |