From 9a13e9c11e7c1a65e2660362d8f604744d4d7633 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Thu, 11 Jan 2024 17:05:53 -0500 Subject: [PATCH 1/2] improving express (cs) regex --- badsecrets/modules/express_signedcookies_cs.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/badsecrets/modules/express_signedcookies_cs.py b/badsecrets/modules/express_signedcookies_cs.py index e435d24..3212c2b 100644 --- a/badsecrets/modules/express_signedcookies_cs.py +++ b/badsecrets/modules/express_signedcookies_cs.py @@ -26,14 +26,14 @@ class ExpressSignedCookies_CS(BadsecretsBase): } def carve_regex(self): - return re.compile(r"(\w{1,64}=[^;]{4,512})[^\.]+\.sig=([^;]{27,86})") + return re.compile(r"(\w{1,64})=([^;]{4,512});.*?\1\.sig=([^;]{27,86});") def get_product_from_carve(self, regex_search): - return f"Data Cookie: [{regex_search.groups()[0]}] Signature Cookie: [{regex_search.groups()[1]}]" + return f"Data Cookie: [{regex_search.groups()[0]}={regex_search.groups()[1]}] Signature Cookie: [{regex_search.groups()[2]}]" def carve_to_check_secret(self, s): - if len(s.groups()) == 2: - r = self.check_secret(s.groups()[0], s.groups()[1]) + if len(s.groups()) == 3: + r = self.check_secret(f"{s.groups()[0]}={s.groups()[1]}", s.groups()[2]) return r def expressHMAC(self, payload, secret, hash_algorithm): From 35dabe91ff9d829c6b86570e0965b7d4fb8b4a97 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Thu, 11 Jan 2024 17:19:19 -0500 Subject: [PATCH 2/2] slight adjustment regex --- badsecrets/modules/express_signedcookies_cs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badsecrets/modules/express_signedcookies_cs.py b/badsecrets/modules/express_signedcookies_cs.py index 3212c2b..ebdc958 100644 --- a/badsecrets/modules/express_signedcookies_cs.py +++ b/badsecrets/modules/express_signedcookies_cs.py @@ -26,7 +26,7 @@ class ExpressSignedCookies_CS(BadsecretsBase): } def carve_regex(self): - return re.compile(r"(\w{1,64})=([^;]{4,512});.*?\1\.sig=([^;]{27,86});") + return re.compile(r"(\w{1,64})=([^;]{4,512});.*?\1\.sig=([^;]{27,86})") def get_product_from_carve(self, regex_search): return f"Data Cookie: [{regex_search.groups()[0]}={regex_search.groups()[1]}] Signature Cookie: [{regex_search.groups()[2]}]"