diff --git a/Proxy/HTTP/FilterOnCookieValue.bambda b/Proxy/HTTP/FilterOnCookieValue.bambda new file mode 100644 index 0000000..f5807ed --- /dev/null +++ b/Proxy/HTTP/FilterOnCookieValue.bambda @@ -0,0 +1,16 @@ +/** + * Filters Proxy HTTP history for requests with a specific Cookie value. + * + * @author LostCoder + **/ + +if (requestResponse.request().hasParameter("foo", HttpParameterType.COOKIE)) { + var cookieValue = requestResponse + .request() + .parameter("foo", HttpParameterType.COOKIE) + .value(); + + return cookieValue.contains("1337"); +} + +return false; diff --git a/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda b/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda new file mode 100644 index 0000000..dcc1dcc --- /dev/null +++ b/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda @@ -0,0 +1,17 @@ +/** + * Finds JSON responses with wrong Content-Type + * + * The content is probably json but the content type is not application/json + * + * @author albinowax + **/ + +var contentType = requestResponse.hasResponse() ? requestResponse.response().headerValue("Content-Type") : null; + +if (contentType != null && !contentType.contains("application/json")) { + String body = requestResponse.response().bodyToString().trim(); + + return body.startsWith( "{" ) || body.startsWith( "[" ); +} + +return false; diff --git a/Proxy/HTTP/FindRolesWithinJWTClaims.bambda b/Proxy/HTTP/FindRolesWithinJWTClaims.bambda new file mode 100644 index 0000000..4207b2d --- /dev/null +++ b/Proxy/HTTP/FindRolesWithinJWTClaims.bambda @@ -0,0 +1,28 @@ +/** + * Find role within JWT claims + * + * @author Trikster + **/ + +if (!requestResponse.hasResponse()) +{ + return false; +} + +var body = requestResponse.response().bodyToString().trim(); + +if (requestResponse.response().hasHeader("authorization")) { + var authValue = requestResponse.response().headerValue("authorization"); + + if (authValue.startsWith("Bearer ey")) { + var tokens = authValue.split("\\."); + + if (tokens.length == 3) { + var decodedClaims = utilities().base64Utils().decode(tokens[1], Base64DecodingOptions.URL).toString(); + + return decodedClaims.toLowerCase().contains("role"); + } + } +} + +return false;