Skip to content

Use swagger as the source for targets #4833

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
donnd-t wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Use swagger as the source for targets #4833

Changes from 1 commit
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
9a34282
get operations with query parameters
donnd-t Sep 14, 2021
caaf7c4
path injections
donnd-t Sep 15, 2021
f6201da
extra swagger validations
donnd-t Sep 15, 2021
4aeed81
support operations that have a request body
donnd-t Sep 17, 2021
8f13e35
refactor swagger code to separate module
donnd-t Sep 17, 2021
59e8bb9
refactor
donnd-t Sep 17, 2021
f031e00
show warning when example is missing
donnd-t Sep 17, 2021
65187de
show warning when example is missing
donnd-t Sep 17, 2021
1141f21
added support for headers
donnd-t Nov 2, 2021
5ab5f58
support for nested payloads
donnd-t Nov 3, 2021
35cb10f
support for swagger 2.0 metadata
donnd-t Nov 12, 2021
051eb12
support for swagger v2 body specs
donnd-t Nov 12, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
path injections
  • Loading branch information
@donnd-t
donnd-t committed Sep 15, 2021
commit caaf7c491fc4aa11905f097ddc8205e38ef3f484
50 changes: 36 additions & 14 deletions lib/core/common.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5363,6 +5363,29 @@ def _parseBurpLog(content):
if not(conf.scope and not re.search(conf.scope, url, re.I)):
yield (url, conf.method or method, data, cookie, tuple(headers))

def _swaggerOperationParameters(parameters, types):
return list(filter(lambda p: (p["in"] in types), parameters))

def _swaggerOperationQueryString(parameters):
queryParameters = _swaggerOperationParameters(parameters, ["query"])
if len(queryParameters) < 1:
return None
queryString = ""
for qp in queryParameters:
queryString += "&%s=%s" %(qp["name"], qp["example"])

return queryString.replace('&', '', 1)

def _swaggerOperationPath(path, parameters):
pathParameters = _swaggerOperationParameters(parameters, ["path"])
if len(pathParameters) < 1:
return path
parameterPath = path
for p in pathParameters:
parameterPath = parameterPath.replace("{%s}" %p["name"], "%s*" %p["example"])
return parameterPath


def _parseSwagger(content):
"""
Parses Swagger OpenAPI 3.x.x JSON documents
Expand All @@ -5381,27 +5404,26 @@ def _parseSwagger(content):
if ((tags is None or any(tag in op["tags"] for tag in tags))
and operation == "get"):

url = None
method = None
data = None
cookie = None
# header injection is not currently supported
if len(_swaggerOperationParameters(op["parameters"], ["query", "path"])) > 0:
url = None
method = None
data = None
cookie = None

url = "%s%s" % (swagger["servers"][0]["url"], path)
method = operation.upper()
q = list(filter(lambda p: (p["in"] == "query"), op["parameters"]))
qs = ""
for qp in q:
qs += "&%s=%s" %(qp["name"], qp["example"])
qs = qs.replace('&', '?', 1)
parameterPath = _swaggerOperationPath(path, op["parameters"])
qs = _swaggerOperationQueryString(op["parameters"])
url = "%s%s" % (swagger["servers"][0]["url"], parameterPath)
method = operation.upper()

if op["parameters"] is not None and len(q) > 0:
url += qs
if qs is not None:
url += "?" + qs

logger.debug("swagger url '%s', method '%s', data '%s', cookie '%s'" %(url, method, data, cookie))
yield (url, method, data, cookie, None)

else:
logger.info("excluding url '%s', method '%s' as target since there are no parameters to inject" %(url, method))
logger.info("excluding path '%s', operation '%s' as there are no parameters to inject" %(path, operation))


except json.decoder.JSONDecodeError:
Expand Down