advanced-BrowserApp-job-example
{
"data": {
"type": "Job",
"attributes": {
"version": "2.0.0",
"sutAuthentication": {
"sitesTreeSutAuthenticationPopulationStrategy": "FormStandard",
"emissaryAuthenticationStrategy": "FormStandard",
"route": "/login",
"usernameFieldLocater": "userName",
"passwordFieldLocater": "password",
"submit": "btn btn-danger",
"expectedPageSourceSuccess": "Log Out"
},
"sutHost": "nodegoat.sut.purpleteam-labs.com",
"sutPort": 443,
"sutProtocol": "https",
"browser": "chrome",
"forwardingProxy": {
"protocol": "[http|https]",
"authorizationBase64": "<base64-encoded-username:password>",
"hostname": "<proxy-hostname>",
"port": <proxy-port>
},
"loggedInIndicator": "<p>Found. Redirecting to <a href=\"\/dashboard\">\/dashboard<\/a><\/p>"
},
"relationships": {
"data": [{
"type": "tlsScanner",
"id": "NA"
},
{
"type": "appScanner",
"id": "lowPrivUser"
},
{
"type": "appScanner",
"id": "adminUser"
}]
}
},
"included": [
{
"type": "tlsScanner",
"id": "NA",
"attributes": {
"tlsScannerSeverity": "LOW"
}
},
{
"type": "appScanner",
"id": "lowPrivUser",
"attributes": {
"sitesTreePopulationStrategy": "WebDriverStandard",
"spiderStrategy": "Standard",
"scannersStrategy": "BrowserAppStandard",
"scanningStrategy": "BrowserAppStandard",
"postScanningStrategy": "BrowserAppStandard",
"reportingStrategy": "Standard",
"username": "<your-user>",
"passwordBase64": "<your-base64-encoded-password>",
"aScannerAttackStrength": "HIGH",
"aScannerAlertThreshold": "LOW"
},
"relationships": {
"data": [{
"type": "route",
"id": "/profile"
}]
}
},
{
"type": "appScanner",
"id": "adminUser",
"attributes": {
"sitesTreePopulationStrategy": "WebDriverStandard",
"spiderStrategy": "Standard",
"scannersStrategy": "BrowserAppStandard",
"scanningStrategy": "BrowserAppStandard",
"postScanningStrategy": "BrowserAppStandard",
"reportingStrategy": "Standard",
"username": "<admin-user>",
"passwordBase64": "<base64-encoded-admin-password>"
},
"relationships": {
"data": [{
"type": "route",
"id": "/memos"
},
{
"type": "route",
"id": "/profile"
}]
}
},
{
"type": "route",
"id": "/profile",
"attributes": {
"attackFields": [
{"name": "firstName", "value": "PurpleJohn", "visible": true},
{"name": "lastName", "value": "PurpleDoe", "visible": true},
{"name": "ssn", "value": "PurpleSSN", "visible": true},
{"name": "dob", "value": "12235678", "visible": true},
{"name": "bankAcc", "value": "PurpleBankAcc", "visible": true},
{"name": "bankRouting", "value": "0198212#", "visible": true},
{"name": "address", "value": "PurpleAddress", "visible": true},
{"name": "website", "value": "https://purpleteam-labs.com", "visible": true},
{"name": "_csrf", "value": ""},
{"name": "submit", "value": ""}
],
"method": "POST",
"submit": "submit"
}
},
{
"type": "route",
"id": "/memos",
"attributes": {
"attackFields": [
{"name": "memo", "value": "PurpleMemo", "visible": true}
],
"method": "POST",
"submit": "btn btn-primary"
}
}
]
}