更新: 359 个文件 - 2026-03-16 23:30:01

03-authentication/session/tools/session-lab.py

@@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+"""
+Session / Token Boundary Lab Tool
+
+LAB ONLY | AUTHORIZED TARGETS ONLY
+"""
+
+from __future__ import annotations
+
+import argparse
+import re
+import sys
+from pathlib import Path
+from typing import Any, Dict, List
+
+import requests
+
+SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts"
+if str(SCRIPTS_DIR) not in sys.path:
+    sys.path.insert(0, str(SCRIPTS_DIR))
+
+from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence  # noqa: E402
+
+
+COOKIE_ATTRS = ["HttpOnly", "Secure", "SameSite", "Path", "Domain"]
+STORAGE_PATTERNS = {
+    "localStorage": re.compile(r"localStorage\.(setItem|getItem)|window\.localStorage", re.I),
+    "sessionStorage": re.compile(r"sessionStorage\.(setItem|getItem)|window\.sessionStorage", re.I),
+    "token-ish": re.compile(r"(jwt|token|authorization|bearer)", re.I),
+}
+
+
+def analyze(target: str, timeout: float, headers: Dict[str, str]) -> Dict[str, Any]:
+    response = requests.get(target, timeout=timeout, headers=headers, verify=False)
+    cookies = []
+    for raw in response.headers.get("Set-Cookie", "").split(","):
+        raw = raw.strip()
+        if not raw:
+            continue
+        attrs = {attr: (attr.lower() in raw.lower()) for attr in COOKIE_ATTRS}
+        cookies.append({"raw": raw[:300], "attributes": attrs})
+    storage_hits = []
+    for name, pattern in STORAGE_PATTERNS.items():
+        if pattern.search(response.text):
+            storage_hits.append(name)
+    suspicious_headers = []
+    for name in ["Set-Cookie", "Authorization", "X-Forwarded-User", "X-Original-URL"]:
+        if response.headers.get(name):
+            suspicious_headers.append({"name": name, "value": response.headers.get(name)[:200]})
+    return {
+        "status_code": response.status_code,
+        "cookies": cookies,
+        "storage_hits": storage_hits,
+        "suspicious_headers": suspicious_headers,
+        "body_excerpt": response.text[:600],
+    }
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description="Session / Token Boundary Lab Tool")
+    parser.add_argument("--target", required=True, help="目标 URL")
+    parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间")
+    add_common_args(parser)
+    args = parser.parse_args()
+    ensure_authorized(args, parser)
+
+    headers = parse_headers(args.header)
+    findings = analyze(args.target, args.timeout, headers)
+    evidence_refs = []
+    ref = write_evidence(args, "session-lab.json", findings)
+    if ref:
+        evidence_refs.append(ref)
+    suspicious = len(findings["cookies"]) + len(findings["storage_hits"]) + len(findings["suspicious_headers"])
+    report = make_report(
+        tool="session-lab",
+        mode="cookie-storage-session-boundary-check",
+        target=args.target,
+        status="verified" if suspicious else "needs-review",
+        severity="medium" if suspicious else "info",
+        payload_or_probe=findings,
+        request_summary={"timeout": args.timeout, "header_names": sorted(headers.keys())},
+        evidence_refs=evidence_refs,
+        destructive_risk="low",
+        args=args,
+    )
+    text_lines = [
+        "=" * 60,
+        "Session / Token Boundary Lab Tool",
+        "=" * 60,
+        f"Target: {args.target}",
+        f"Cookie Findings: {len(findings['cookies'])}",
+        f"Storage Hits: {len(findings['storage_hits'])}",
+        f"Suspicious Headers: {len(findings['suspicious_headers'])}",
+    ]
+    return emit_report(args, report, text_lines)
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())