PageFunction for Apify Akamai ARL hacker tool.

apify_pagefunction_akamai_hack.js

async function pageFunction(context) {
    const { page, request, response, log } = context;
    const title = await page.title();
    let vulnerableToInitialCheck = true;
    let vulnerableToPayloadCheck = false;
    // Initial check : response code 400
    if (response.status != 400) {
        vulnerableToInitialCheck = false;
    }
    // Initial check : response protocol HTTP/1.0
    // Initial check : response header "Server: AkamaiGHost"
    else if (!("server" in response.headers && response.headers["server"] == "AkamaiGHost")) {
        vulnerableToInitialCheck = false;
    }
    // Initial check : response header "Content-Type: text/html"
    else if (!("content-type" in response.headers && response.headers["content-type"] == "text/html")) {
        vulnerableToInitialCheck = false;
    }
    // Initial check : response body contains "Invalid URL"
    else if (!document.querySelector("body").innerText.includes("Invalid URL")) {
        vulnerableToInitialCheck = false;
    }
    // Payload check : what did initial check reveal?
    if (false == vulnerableToInitialCheck) {
        vulnerableToPayloadCheck = false;
    }
    else {
        // Payload check : Request to subdomain.target.com/<PAYLOAD>
        // Payload check : response code 200
        // Payload check : response protocol HTTP/1.0
        // Payload check : response header "Server: Apache-Coyote/1.1"
        // Payload check : response body contains "reallylongstringtomakethepayloadforxssmoveoutofview"
        vulnerableToPayloadCheck = true;
    }
    return {
        url: request.url,
        title,
        vulnerableToInitialCheck,
        vulnerableToPayloadCheck
    };
}