The following alpha status passive scan rules are included in this add-on:
This implements an example passive scan rule that loads strings from a file that the user can edit.
For more details see: Hacking ZAP Part 3: Passive Scan Rules.
Latest code: ExampleFilePassiveScanRule.java
Note: At Low Threshold all occurrences within each response will be included.
Latest code: Base64Disclosure.java
Spectre is a side-channel attack allowing an attacker to read data from memory. One of the counter-measures is to prevent sensitive data from entering the memory and to separate trusted and untrusted documents in different browsing contexts. Three headers have been defined to enable that:
The Cross-Origin-Embedder-Policy (COEP) header prevents a document from loading any non-same-origin resources which don’t explicitly grant the document permission to be loaded. (from COOP and COEP explained). The Cross-Origin-Resource-Policy (CORP) header allows you to control the set of origins that are empowered to include a resource. It is a robust defense against attacks like Spectre, as it allows browsers to block a given response before it enters an attacker’s process. For example, an attacker site can include an image tag with an attribute src to an internal content. The browser will load the data. With a side-channel attack, an attacker will be able to read it. The Cross-Origin-Opener-Policy (COOP) header forces the browser to create multiple browsing contexts to separate trusted and untrusted documents. Site Isolation is complementary with Cross-Origin-Resource-Blocking, a mechanism managed independently by the browser.
Alerts generated:
Latest code: SiteIsolationScanRule.java
This implements a very simple example passive scan rule.
For more details see: Hacking ZAP Part 3: Passive Scan Rules.
Latest code: ExampleSimplePassiveScanRule.java
Application Source Code was disclosed by the web server.
NOTE: Ignores CSS, JavaScript, images, and font files.
Latest code: SourceCodeDisclosureScanRule.java