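 def handle_response(self, flow):
     """Flag ZIP archives fetched over plaintext HTTP, then delegate to the wrapped analyzer.

     An archive delivered without transport protection can be altered in
     transit, so the response is recorded as a ZIP path-traversal risk.

     Args:
         flow: the proxied HTTP flow; ``flow.request.scheme`` and
             ``flow.response.headers`` are read, nothing is modified.
     """
     # headers.get() yields None when Content-Type is absent; indexing [0]
     # on it unconditionally (as the original did) raised TypeError for
     # every response without that header and aborted the analysis pass.
     content_type = flow.response.headers.get("Content-Type")
     is_zip = bool(content_type) and content_type[0].endswith("application/zip")
     # "https".endswith("http") is False, so only plaintext schemes match.
     if flow.request.scheme.endswith("http") and is_zip:
         self.add_to_report(
             "ZIP_PATH_TRAVERSAL",
             "A ZIP file was downloaded using HTTP, application could be vulnerable to ZIP path traversal which could cause remote code execution or at least allowing an attacker to write to any file"
         )
     AnalyzerDecorator.handle_response(self, flow)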
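 def handle_request(self, flow):
     """Report sensitive keywords sent over plaintext HTTP, then delegate to the wrapped analyzer.

     Every (label, value) pair returned by ``self.keywords()`` is searched for
     in the request through ``self.requestContains``; each hit becomes an
     INSECURE_TRANSMISSION finding naming the host and path it was sent to.

     Args:
         flow: the proxied HTTP flow; its scheme, Host header and path are read.
     """
     # The stray debugging print of the Host header was removed: it echoed
     # every intercepted host to stdout and raised KeyError when Host was absent.
     if flow.request.scheme.endswith("http"):
         # Host can legitimately be missing (e.g. HTTP/1.0); fall back to an
         # empty string rather than failing the whole request analysis.
         host_values = flow.request.headers.get("Host")
         requested_site = host_values[0] if host_values else ""
         # .items() behaves the same as .iteritems() here and is portable.
         for key_info, private_info_fuzzer in self.keywords().items():
             if self.requestContains(flow, private_info_fuzzer):
                 # NOTE(review): the finding embeds the leaked value itself;
                 # confirm the report sink is handled as sensitive data.
                 self.add_to_report("INSECURE_TRANSMISSION",
                                    "Application has leaked sensitive information via insecure transmission. Type: " + key_info + ". Value leaked: " + private_info_fuzzer + " in request " + requested_site + flow.request.path)
     AnalyzerDecorator.handle_request(self, flow)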
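 def handle_response(self, flow):
     """Flag ZIP archives fetched over plaintext HTTP, then delegate to the wrapped analyzer.

     NOTE(review): this appears to duplicate the handle_response defined
     earlier on this page; if both live in one class, only the last
     definition is kept by Python.

     Args:
         flow: the proxied HTTP flow; ``flow.request.scheme`` and
             ``flow.response.headers`` are read, nothing is modified.
     """
     # Guard the missing-header case: headers.get() returns None when no
     # Content-Type is present, and None[0] raised TypeError in the original.
     content_type = flow.response.headers.get("Content-Type")
     if not content_type:
         AnalyzerDecorator.handle_response(self, flow)
         return
     downloaded_over_http = flow.request.scheme.endswith("http")
     if downloaded_over_http and content_type[0].endswith("application/zip"):
         self.add_to_report("ZIP_PATH_TRAVERSAL", "A ZIP file was downloaded using HTTP, application could be vulnerable to ZIP path traversal which could cause remote code execution or at least allowing an attacker to write to any file")
     AnalyzerDecorator.handle_response(self, flow)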