nccgroup / tracy

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/june/tracy-because-tracing-user-input-through-javascript-is-for-tools/
MIT License

AngularJS-specific Injection Detection #51

Open heathj opened 6 years ago

heathj commented 6 years ago

Yo.

A cool feature would be to detect AngularJS-based injection, a la https://hackerone.com/reports/141463.

A simple payload would be something like {{191*7}} and then watching for 1337 in the output, or something like that.

Bonus points for selecting the appropriate sandbox escape payload, if needed, though this probably goes against the spirit of your tool.

Jack

robertmd commented 6 years ago

There are really two ways of doing this: Jack's way, or you could just look for reflected user input in a response.

heathj commented 5 years ago

I still like this idea. I wish tracy would generate random math equations and look for their answers in the response as a tracy string.
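The check the thread is asking for, as an added illustration and not code from tracy: build an arithmetic probe in interpolation syntax, then compare the rendered page against a baseline so that an echoed result is distinguished from a number that was already there. Because AngularJS interpolates client-side, the text handed to `classify` is assumed to be the rendered document text (for example `document.body.innerText` after load), not the raw HTTP body; the sample strings are constructed.

```javascript
// Build a probe from two factors. In practice the factors are random (see
// randomProbe); the issue's own example is makeProbe(191, 7) -> "1337".
function makeProbe(a, b) {
  return { payload: `{{${a}*${b}}}`, expected: String(a * b) };
}

// Four-digit factors give a product of at least seven digits, which is
// unlikely to appear in a page by coincidence. rng is injectable for tests.
function randomProbe(rng = Math.random) {
  const pick = () => 1000 + Math.floor(rng() * 9000);
  return makeProbe(pick(), pick());
}

// Compare the rendered text of a probed page with a baseline taken without
// the payload. Returns one of:
//   'inconclusive' - the expected number is already in the baseline, so a hit
//                    would prove nothing; pick new factors and retry
//   'evaluated'    - the result of the expression appears, i.e. some template
//                    engine executed it (the AngularJS case from the issue)
//   'reflected'    - the input came back verbatim; robertmd's simpler signal
//   'absent'       - neither the payload nor its result is visible
function classify(probe, baselineText, probedText) {
  if (baselineText.includes(probe.expected)) return 'inconclusive';
  if (probedText.includes(probe.expected)) return 'evaluated';
  if (probedText.includes(probe.payload)) return 'reflected';
  return 'absent';
}

// Constructed stand-ins for rendered page text, so the block runs offline.
const SAMPLE_BASELINE = 'Search results for "test": no items found.';
const SAMPLE_PROBED = 'Search results for "1337": no items found.';

function demo() {
  const probe = makeProbe(191, 7); // the expression quoted in the issue
  return classify(probe, SAMPLE_BASELINE, SAMPLE_PROBED);
}

console.log(demo()); // evaluated
```

A hit only says that the expression was evaluated somewhere between the server and the rendered DOM; identifying which engine did it is a separate, manual step.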