| { | |
| "info": { | |
| "name": "Gruyere Collection", | |
| "_postman_id": "9efdd931-ac99-5996-8bcd-07c07652dcfa", | |
| "description": "", | |
| "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" | |
| }, | |
| "item": [ | |
| { | |
| "name": "Login Request", | |
| "event": [ | |
| { | |
| "listen": "test", | |
| "script": { | |
| "id": "1ffd2f0e-7e41-47ed-9d7e-70b2a42d4613", | |
| "type": "text/javascript", | |
| "exec": [ | |
| "pm.test(\"Login is no longer done via GET request\", function () {", | |
| " pm.response.to.have.status(405);", | |
| "});", | |
| "", | |
| "const cookie = postman.getResponseHeader(\"Set-Cookie\");", | |
| "pm.environment.set(\"cookie\", cookie);" | |
| ] | |
| } | |
| } | |
| ], | |
| "request": { | |
| "method": "GET", | |
| "header": [], | |
| "body": {}, | |
| "url": { | |
| "raw": "https://google-gruyere.appspot.com/574774670130385288196824622060987712038/login?uid={username}&pw={password}", | |
| "protocol": "https", | |
| "host": [ | |
| "google-gruyere", | |
| "appspot", | |
| "com" | |
| ], | |
| "path": [ | |
| "574774670130385288196824622060987712038", | |
| "login" | |
| ], | |
| "query": [ | |
| { | |
| "key": "uid", | |
| "value": "{username}", | |
| "equals": true | |
| }, | |
| { | |
| "key": "pw", | |
| "value": "{password}", | |
| "equals": true | |
| } | |
| ] | |
| }, | |
| "description": "" | |
| }, | |
| "response": [] | |
| }, | |
| { | |
| "name": "XSS Submission", | |
| "event": [ | |
| { | |
| "listen": "test", | |
| "script": { | |
| "id": "73ce03de-0aa0-4191-863b-68f757fe9c5f", | |
| "type": "text/javascript", | |
| "exec": [ | |
| "pm.test(\"Input validation flaw leading to XSS has been fixed\", function () {", | |
| " pm.response.to.have.status(400);", | |
| "});" | |
| ] | |
| } | |
| } | |
| ], | |
| "request": { | |
| "method": "GET", | |
| "header": [ | |
| { | |
| "key": "Cookie", | |
| "value": "{{cookie}}" | |
| } | |
| ], | |
| "body": {}, | |
| "url": { | |
| "raw": "https://google-gruyere.appspot.com/574774670130385288196824622060987712038/newsnippet2?snippet=<a+href=\"javascript:alert(document.cookie);\">test</a>", | |
| "protocol": "https", | |
| "host": [ | |
| "google-gruyere", | |
| "appspot", | |
| "com" | |
| ], | |
| "path": [ | |
| "574774670130385288196824622060987712038", | |
| "newsnippet2" | |
| ], | |
| "query": [ | |
| { | |
| "key": "snippet", | |
| "value": "<a+href=\"javascript:alert(document.cookie);\">test</a>", | |
| "equals": true | |
| } | |
| ] | |
| }, | |
| "description": "" | |
| }, | |
| "response": [] | |
| }, | |
| { | |
| "name": "XSS Payload Execution", | |
| "event": [ | |
| { | |
| "listen": "test", | |
| "script": { | |
| "id": "4d8b1fa7-bbba-4825-80fc-766e82c112ff", | |
| "type": "text/javascript", | |
| "exec": [ | |
| "pm.test(\"User input is properly escaped when displayed.\", function () {", | |
| " pm.expect(pm.response.text()).not.to.include('<a href=\"javascript:');", | |
| "});" | |
| ] | |
| } | |
| } | |
| ], | |
| "request": { | |
| "method": "GET", | |
| "header": [ | |
| { | |
| "key": "Cookie", | |
| "value": "{{cookie}}" | |
| } | |
| ], | |
| "body": {}, | |
| "url": { | |
| "raw": "https://google-gruyere.appspot.com/574774670130385288196824622060987712038/snippets.gtl", | |
| "protocol": "https", | |
| "host": [ | |
| "google-gruyere", | |
| "appspot", | |
| "com" | |
| ], | |
| "path": [ | |
| "574774670130385288196824622060987712038", | |
| "snippets.gtl" | |
| ] | |
| }, | |
| "description": "" | |
| }, | |
| "response": [] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment