From 2bccfc7b7fbd160e79ffd32103db3b13d03575ac Mon Sep 17 00:00:00 2001
From: Michael Blake
Date: Sat, 30 Jul 2022 20:07:56 -0700
Subject: [PATCH] ignore false positive results.
---
 reflectedscanner/reflectedscanner.go | 24 ++++--------------------
 1 file changed, 4 insertions(+), 20 deletions(-)
diff --git a/reflectedscanner/reflectedscanner.go b/reflectedscanner/reflectedscanner.go
index 002671e..8c253a7 100644
--- a/reflectedscanner/reflectedscanner.go
+++ b/reflectedscanner/reflectedscanner.go
@@ -17,15 +17,6 @@ func CheckStability(canary *string, body string, urlInfo *scan.URLInfo) {
 func CheckDocForReflections(body string, urlInfo *scan.URLInfo) []string {
 var foundParameters []string
-
- // if CountReflections(body, urlInfo.CanaryValue) != urlInfo.CanaryCount {
- // // something happened with the response to cause the canary count to not be correct
- // // this is probably caused by a parameter included in the request
- // // for now, we are going to ignore this URL, but in the future, I'd like to find the parameter that caused this
- // return foundParameters
- // }
-
 canaryCount := CountReflections(body, urlInfo.CanaryValue)
 for param, value := range urlInfo.PotentialParameters {
@@ -33,20 +24,13 @@ func CheckDocForReflections(body string, urlInfo *scan.URLInfo) []string {
 if counted > canaryCount {
 foundParameters = util.AppendIfMissing(foundParameters, param)
+ if len(foundParameters) > 50 {
+ // Going to assume these are false positives. 50+ parameters should not exist on one URL
+ return []string{}
+ }
 }
 }
- // Check to make sure 50 / 100 / 1000 etc parameters weren't "found" in a single request. This could be caused by
- // multiple things affecting the entire response (one parameter, site going down, etc).
- //
- // Another solution to this might be to use a canary for every request, then compare other parameters against the
- // query.
- //
- // Another solution might be to detect the page being much different, then find what caused that.
- if len(foundParameters) == urlInfo.MaxParams {
- return []string{}
- }
-
 return foundParameters
 }
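Review bot: The new guard `if len(foundParameters) > 50` hard-codes the cutoff and replaces the removed `len(foundParameters) == urlInfo.MaxParams` check. If a request batch carries 50 or fewer parameters (MaxParams is not visible here, so confirm), a response that reflects every parameter is no longer suppressed and the whole batch is reported as found. The early return also drops the result silently, so scan output cannot distinguish "no reflections" from "suppressed as noise", and a page that echoes every input may itself deserve a look. Consider keeping both conditions behind a new named constant, for example `if n := len(foundParameters); n > maxPlausibleParams || n == urlInfo.MaxParams {`, and emitting a log line before `return []string{}`. CheckDocForReflections begins in the previous hunk, and the statement that assigns `counted` lies outside both hunks.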