Hi security engineers and hackers! Authz0 v1.1.0 has been released 🎉 First of all, I would like to thank many of you for your good feedback.
Summary
- Add setCred command
- Add --include-zap flag in new command
- Add --include-har flag in new command
- Add --include-burp flag in new command
- Add --assert-fail-size-margin flag in new command
- Support multiple asserts of the same type
- Improve report
- Fixed bugs
Credentials and setCred
Now we can add credentials to the template using the setCred command.
authz0 setCred target.yaml -n User1 -H "X-Token: abvcddf"
authz0 setCred target.yaml -n User2 -H "X-Token: bbbbbb"
Once added, you can check them in the template like this.
credentials:
- rolename: User1
  headers:
  - 'X-Token: abvcddf'
- rolename: User2
  headers:
  - 'X-Token: bbbbbb'
The added credentials are used in the scan.
authz0 scan target.yaml
+> Test to User1, User2
authz0 scan target.yaml -r User3 -H "X-Token: bbaaaa"
+> Test to User1, User2, User3
Include from ZAP, Burp, and HAR
Now we can include ZAP history, Burp history, and HAR files.
- Add --include-zap flag in new command
- Add --include-har flag in new command
- Add --include-burp flag in new command
authz0 new --include-zap zap_history.har
authz0 new --include-burp burp_history.xml
authz0 new --include-har chrome_history.har
Support multiple asserts of the same type
We can now use multiple assertions of the same type. In the example below, we specify two fail sizes and set the error range with the margin flag.
- --assert-fail-size ints Set fail size assert (support duplicate flag)
- --assert-fail-size-margin int Set approximation range of fail size assert
authz0 new target.yaml --assert-fail-size 10 \
--assert-fail-size 550 --assert-fail-size-margin 5
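One way to read the fail-size asserts above, as an added example that is not Authz0's own code: it assumes a response counts as failed when its body size is within the margin of any listed fail size, bounds inclusive. The type and function names and the response sizes are constructed for illustration.

```go
package main

import "fmt"

// FailSizeAssert models the flags from the page: one or more
// --assert-fail-size values plus one --assert-fail-size-margin.
// The type name is hypothetical, not part of Authz0.
type FailSizeAssert struct {
	Sizes  []int
	Margin int
}

// Matches reports whether a response body size lies within
// [size-Margin, size+Margin] of any configured fail size.
// Inclusive bounds are an assumption of this example.
func (a FailSizeAssert) Matches(respSize int) bool {
	for _, s := range a.Sizes {
		d := respSize - s
		if d < 0 {
			d = -d
		}
		if d <= a.Margin {
			return true
		}
	}
	return false
}

// Classify maps each role's observed response size to "denied" when a
// fail size matches and "allowed" otherwise.
func Classify(a FailSizeAssert, sizes map[string]int) map[string]string {
	out := make(map[string]string, len(sizes))
	for role, n := range sizes {
		if a.Matches(n) {
			out[role] = "denied"
		} else {
			out[role] = "allowed"
		}
	}
	return out
}

func main() {
	a := FailSizeAssert{Sizes: []int{10, 550}, Margin: 5}
	// Constructed response sizes for one URL, keyed by role name.
	observed := map[string]int{"User1": 4213, "User2": 553, "User3": 16}
	for _, role := range []string{"User1", "User2", "User3"} {
		fmt.Printf("%-6s %s\n", role, Classify(a, observed)[role])
	}
}
```

User3's 16-byte response is 6 bytes away from the fail size 10, so with a margin of 5 it is reported as allowed; an error page whose length varies more than the margin shows up as a false authorization finding.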
References
- https://github.com/hahwul/authz0/releases/tag/v1.1.0
- https://twitter.com/hahwul/status/1484189272995676162