Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add detection of SameSite disabled #126

Merged
merged 3 commits into from
Oct 3, 2023
Merged

Add detection of SameSite disabled #126

merged 3 commits into from
Oct 3, 2023

Conversation

righettod
Copy link
Contributor

Hello,

This PR propose a script to detect when a cookie disable the SameSite protection by setting the value to None.

The objective of the script is to raise a information notice to allow to investigate to see if an CSRF attack can be used due to this settings.

Thanks you very much in advance for your feedback 😃

PortSwiggerWiener
PortSwiggerWiener approved these changes Oct 3, 2023
View reviewed changes
Copy link
Collaborator

@PortSwiggerWiener PortSwiggerWiener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your PR. Really minor comments:

  1. Can you indent the metadata elements with 4 spaces so it's consistent throughout
  2. Within the detail and remediation you could use a standard "string" instead of the interpolated string.

Otherwise looks good. 👍

@righettod
Copy link
Contributor Author

Hi @PortSwiggerWiener,

Thanks a lot for your feedback, I applied all your feedback.

Feel free to reach if I missed something 😃

PortSwiggerWiener
PortSwiggerWiener approved these changes Oct 3, 2023
View reviewed changes
Copy link
Collaborator

@PortSwiggerWiener PortSwiggerWiener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes! 👍

@righettod
Copy link
Contributor Author

You are welcome, thanks for the review.

Michelle-PortSwigger
Michelle-PortSwigger approved these changes Oct 3, 2023
View reviewed changes
Copy link
Contributor

@Michelle-PortSwigger Michelle-PortSwigger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All looks good to me too

@righettod
Copy link
Contributor Author

Thank you very much 😃

@Michelle-PortSwigger Michelle-PortSwigger merged commit 923fc69 into PortSwigger:main Oct 3, 2023
@michael-eaton-portswigger
Copy link

@righettod As a contributor to our GitHub repository, we would like to invite you to our closed Discord community.

It is a place where passionate Burp users, including people who directly work on building and developing Burp here at PortSwigger, can talk about the tooling and web security in general.

If you would like to join, please email us at [email protected] and we will send over an invite link.

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PortSwiggerWiener PortSwiggerWiener PortSwiggerWiener approved these changes

@Michelle-PortSwigger Michelle-PortSwigger Michelle-PortSwigger approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@righettod @michael-eaton-portswigger @Michelle-PortSwigger @PortSwiggerWiener