In the last 30 minutes we were able to put together a simple but very useful extension which records all requests made by the scanner in a nicely formatted table. Here is a screenshot which shows the last couple of requests before the scanner completed execution:
The main code behind this is as simple as 1, 2, 3. This is what it looks like:
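/**
 * HTTP response observer behind the monitor table.
 *
 * Registered through weaponryCommon.createObserver for both fresh and cached
 * responses. For every response that (a) belongs to an HTTP channel, (b) was
 * sent with the X-WebsecurifyLite-Request: true request header and (c) maps
 * to the same workspace as this window, one row is appended to
 * $transactionsDatatable.
 *
 * NOTE(review): the request header is only a marker, not an authenticity
 * check. Any code able to issue a request carrying it would pass step (b);
 * the workspace comparison is the only other filter visible here.
 *
 * NOTE(review): response fields come from the scanned target and are
 * therefore untrusted. Confirm that appendDataRow renders cell values as
 * text and never as markup inside this privileged window.
 */
window.websecurifyMonitorHttpResponseObserver = weaponryCommon.createObserver(
  ['http-on-examine-response', 'http-on-examine-cached-response'],
  function (subject, topic, data) {
    // Builds a row key such as "requestData" from a prefix and a part name.
    function prefixedName(prefix, fieldName) {
      return prefix + fieldName.replace(/^\w/, function ($0) {
        return $0.toUpperCase();
      });
    }

    // Copies the own enumerable fields of `parts` into `target` under
    // prefixed keys. Inherited properties are skipped so that nothing from
    // a prototype ends up as a table column.
    function copyParts(prefix, parts, target) {
      for (let fieldName in parts) {
        if (Object.prototype.hasOwnProperty.call(parts, fieldName)) {
          target[prefixedName(prefix, fieldName)] = parts[fieldName];
        }
      }
    }

    // Only HTTP channels are of interest; other subjects fail the
    // QueryInterface call and are ignored.
    let httpChannel = null;

    try {
      httpChannel = subject.QueryInterface(CI.nsIHttpChannel);
    } catch (e) {
      return;
    }

    // getRequestHeader throws when the header was never set, so a failure
    // here is treated as "not marked" rather than as an error.
    let xWebsecurifyLiteRequest = 'false';

    try {
      xWebsecurifyLiteRequest = httpChannel.getRequestHeader('X-WebsecurifyLite-Request');
    } catch (e) {
      // header absent: keep the 'false' default
    }

    if (xWebsecurifyLiteRequest !== 'true') {
      return;
    }

    // Drop traffic that belongs to no workspace or to another window's
    // workspace.
    let workspace = weaponryWorkspaces.lookupHttpChannelWorkspace(httpChannel);

    if (!workspace || !workspace.sameAs(window.workspace)) {
      return;
    }

    weaponryCommon.getHttpChannelTransactionDetails(httpChannel, function (requestParts, responseParts, httpChannel) {
      // The two data fields are set explicitly, as in the original listing,
      // so they are present even if `data` is not an enumerable own field.
      let fields = {requestData: requestParts.data, responseData: responseParts.data};

      copyParts('request', requestParts, fields);
      copyParts('response', responseParts, fields);

      // Monotonic per-window counter used as the row identifier.
      fields.entryId = ++window.websecurifyMonitorEntryId;

      $transactionsDatatable.appendDataRow(fields);
    });
  }
);
And with that we are done.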
