Documentation
¶
Index ¶
- func NewCORSAttackTarget() ssgo.ServerRoute
- func NewModelAccessControlAttackTarget() ssgo.ServerRoute
- func NewQueryAttackTarget() ssgo.ServerRoute
- func NewRateLimitAttackTarget() ssgo.ServerRoute
- func NewURLAttackTarget() ssgo.ServerRoute
- type CORSHacker
- type Card
- type ModelAccessControlHacker
- type QueryHacker
- type RateLimitHacker
- type URLHacker
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewCORSAttackTarget ¶
func NewCORSAttackTarget() ssgo.ServerRoute
NewCORSAttackTarget returns a server route that imitates a vulnerable target for CORSHacker.
func NewModelAccessControlAttackTarget ¶
func NewModelAccessControlAttackTarget() ssgo.ServerRoute
NewModelAccessControlAttackTarget returns a server route that imitates a vulnerable target for ModelAccessControlHacker.
func NewQueryAttackTarget ¶
func NewQueryAttackTarget() ssgo.ServerRoute
NewQueryAttackTarget returns a server route that imitates a vulnerable target for QueryHacker.
func NewRateLimitAttackTarget ¶
func NewRateLimitAttackTarget() ssgo.ServerRoute
NewRateLimitAttackTarget returns a server route that imitates a vulnerable target for RateLimitHacker.
func NewURLAttackTarget ¶
func NewURLAttackTarget() ssgo.ServerRoute
NewURLAttackTarget returns a server route that imitates a vulnerable target for URLHacker.
Types ¶
type CORSHacker ¶
type CORSHacker struct {
// contains filtered or unexported fields
}
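CORSHacker steals data from a URL with an unprotected query param. (This sentence is word-for-word the QueryHacker description and looks copied: NewCORSHacker takes a list of origins, so the type presumably exercises a cross-origin policy that accepts untrusted origins rather than a query parameter. Confirm against the source. No Attack method is listed for CORSHacker in this listing, unlike the other hacker types shown.)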
func NewCORSHacker ¶
func NewCORSHacker(url string, origins ...string) CORSHacker
NewCORSHacker constructor
type Card ¶
type Card struct {
	// UserID is serialized under the JSON key "user_id".
	// NOTE(review): presumably the ID of the user who owns the card; it is the
	// field an ownership (object-level authorization) check would compare
	// against the caller's identity. Confirm against the handlers.
	UserID uuid.UUID `json:"user_id"`
	// Embedded by pointer, so its fields are promoted onto Card and the
	// pointer is nil until assigned.
	// NOTE(review): the gofakeit type suggests the card details are generated
	// test data; verify that no real card numbers are ever stored here.
	*gofakeit.CreditCardInfo
}
Card is an example structure for a credit/debit card
type ModelAccessControlHacker ¶
type ModelAccessControlHacker struct {
// contains filtered or unexported fields
}
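ModelAccessControlHacker exploits the fact that the user can create, read, update, or delete any record on the strength of the permissions in their JWT alone. The underlying weakness is presumably a missing per-record ownership check (object-level authorization): the token says what operations are allowed, but nothing ties the record to the caller.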
func NewModelAccessControlHacker ¶
func NewModelAccessControlHacker(url, jwtToken string, cardToSet Card) ModelAccessControlHacker
NewModelAccessControlHacker constructor
func (ModelAccessControlHacker) Attack ¶
func (c ModelAccessControlHacker) Attack() error
Attack implementation of ssgo.Hacker
type QueryHacker ¶
type QueryHacker struct {
// contains filtered or unexported fields
}
QueryHacker steals data from a URL with an unprotected query parameter.
func NewQueryHacker ¶
func NewQueryHacker(url string, params map[string]string) QueryHacker
NewQueryHacker constructor
func (QueryHacker) Attack ¶
func (q QueryHacker) Attack() error
Attack implementation of ssgo.Hacker
type RateLimitHacker ¶
type RateLimitHacker struct {
// contains filtered or unexported fields
}
RateLimitHacker exploits a lack of rate-limit protection and steals data from a given URL.
func NewRateLimitHacker ¶
func NewRateLimitHacker(url, remoteAddr string) RateLimitHacker
NewRateLimitHacker constructor
func (RateLimitHacker) Attack ¶
func (q RateLimitHacker) Attack() error
Attack implementation of ssgo.Hacker