/**
 * Looks for a canary from a previously guessed parameter that shows up in the response to a
 * request which did not itself contain that canary, and reports the first such parameter.
 *
 * <p>A canary present in the response but absent from the request means the value was retained
 * somewhere between requests (server-side state or an intermediate cache; this method does not
 * determine which). On a hit the entry is removed from {@code recentParams}, a scan issue is
 * registered through {@code Utilities.callbacks}, and the parameter is added to
 * {@code alreadyReported} so it is not raised again.
 *
 * @param baseRequestResponse supplies the HTTP service and URL attached to the issue
 * @param paramGuess attack whose first request/response pair is inspected
 * @param attackID suffix appended to each canary before searching
 * @param recentParams recently tried parameters; a reported entry is removed from it
 * @param currentParams parameters in the inspected request, skipped; {@code null} means none
 * @param alreadyReported parameters already raised, skipped; updated on a hit
 * @return {@code true} if a persistent parameter was reported, {@code false} otherwise
 */
private static boolean findPersistent(
        IHttpRequestResponse baseRequestResponse,
        Attack paramGuess,
        String attackID,
        CircularFifoQueue<String> recentParams,
        ArrayList<String> currentParams,
        HashSet<String> alreadyReported) {
    final ArrayList<String> inFlight = (currentParams != null) ? currentParams : new ArrayList<>();

    final byte[] response = paramGuess.getFirstRequest().getResponse();
    // Cheap pre-filter: without the fixed marker there is nothing to search for.
    // NOTE(review): "wrtqva" is presumably the common prefix of every Utilities.toCanary value; confirm.
    if (response == null || !Utilities.containsBytes(response, "wrtqva".getBytes())) {
        return false;
    }

    final byte[] request = paramGuess.getFirstRequest().getRequest();

    Iterator<String> pending = recentParams.iterator();
    while (pending.hasNext()) {
        final String candidate = pending.next();

        // Parameters sent in this very request, or already raised, cannot be new evidence.
        if (inFlight.contains(candidate) || alreadyReported.contains(candidate)) {
            continue;
        }

        // Only the part before the first '~' is used to derive the canary.
        final String canaryText = Utilities.toCanary(candidate.split("~", 2)[0]) + attackID;
        final byte[] canary = Utilities.helpers.stringToBytes(canaryText);

        // Evidence requires the canary in the response while the request never carried it.
        if (!Utilities.containsBytes(response, canary) || Utilities.containsBytes(request, canary)) {
            continue;
        }

        Utilities.out("Identified persistent parameter on "+Utilities.getURL(baseRequestResponse) + ":" + candidate);
        pending.remove();

        // NOTE(review): candidate is concatenated unescaped into the issue detail; if that text is
        // rendered as markup and parameter names can come from untrusted content, escape it. Confirm.
        // The trailing "High", "Firm", "Investigate" are presumably severity, confidence and remediation.
        Utilities.callbacks.addScanIssue(new CustomScanIssue(
                baseRequestResponse.getHttpService(),
                Utilities.getURL(baseRequestResponse),
                paramGuess.getFirstRequest(),
                "Secret parameter",
                "Found persistent parameter: '"+candidate+"'. Disregard the request and look for " + Utilities.helpers.bytesToString(canary) + " in the response",
                "High",
                "Firm",
                "Investigate"));
        alreadyReported.add(candidate);
        return true;
    }

    return false;
}
Iterator itr = slidingWindow.iterator(); while(itr.hasNext()) { Measurement m = (Measurement) itr.next();