Detection
This part runs right after Jaeles receives the response to a request, and contains the logic that determines whether the request is vulnerable or not.
Detections are written in JavaScript, so you can write whatever you want using the predefined functions below, as long as you return a boolean value indicating whether something was found.
Detection Examples
# Response status code equals 200 and the response contains the string 'google.com' or 'example.com'
StatusCode() == 200 && (StringSearch("response", "google.com") || StringSearch("response", "example.com"))
# Content length of the response must exceed that of the original response by more than 5000
ContentLength() - OriginContentLength() > 5000
# Response time differs from the original response time by more than 3 seconds
Math.abs(ResponseTime() - OriginResponseTime()) > 3
# Use values saved from a previous request
ContentLength() - parseInt(ValueOf("404html")) > 1000
OriginResponseTime() - parseFloat(ValueOf("resTime")) > 5
Normal Detection
| API Detection | Description | Example |
| --- | --- | --- |
| StringSearch | Search for a string in a component | `StringSearch("response", "something")` |
| StringCount | Return the number of occurrences of a string in a component | `StringCount("response", "something")` |
| RegexSearch | Search for a regex in a component | `RegexSearch("response", ".*something$")` |
| RegexCount | Return the number of strings matching the regex in a component | `RegexCount("response", ".*something$")` |
| StatusCode | Status code of the response | `StatusCode() == 200`, `StatusCode() > 400` |
| ResponseTime | Response time of the response (seconds) | `ResponseTime() > 3` |
| ContentLength | Content length of the response | `ContentLength() > 5000`, `StatusCode() > 400` |
| OriginStatusCode | Status code of the original response | `OriginStatusCode() != StatusCode()` |
| OriginResponseTime | Response time of the original response (seconds) | `ResponseTime() > OriginResponseTime()` |
| OriginContentLength | Content length of the original response | `ContentLength() - OriginContentLength() > 5000` |
| ValueOf | Value of a variable | `ValueOf("foo") == "bar"` |
| HasPopUp | Check whether any pop-up box appears while requesting a URL (only available when using `engine: chrome`) | `StatusCode() == 200 && HasPopUp()` |
| Exist | Check whether a file or folder exists | `Exist('/tmp/folder/newfile')` |
| StringGrepCmd | Search for a string in the output of a custom command | `StringGrepCmd('bash command', 'string_to_grep')` |
| RegexGrepCmd | Search for a regex in the output of a custom command | `RegexGrepCmd('bash command', 'regex_to_grep')` |
DNS Detection
| API Detection | Description | Example |
| --- | --- | --- |
| DnsString | Search for a string in a DNS component | `DnsString('NS', '.amazonaws.com')` |
| DnsRegex | Search for a regex in a DNS component | `DnsRegex('A', '(?m).*ec2.*compute\\.amazonaws\\.com.*A$')` |
Selector for search
| Selector | Description | Example |
| --- | --- | --- |
| request | raw request | `StringSearch("request", "something")` |
| response | raw response of the request | `StringSearch("response", "something")` |
| resHeaders | raw headers of the response | `StringSearch("resHeaders", "something")` |
| resBody | raw body of the response | `StringSearch("resBody", "something")` |
| oRequest | raw original request | `StringSearch("oRequest", "something")` |
| oResponse | raw response of the original request | `StringSearch("oResponse", "something")` |
| middleware | output of the middleware | `StringSearch("middleware", "Success!")` |
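
The detection examples and selectors above can be dry-run offline against a captured response pair, shown here as an added example that is not part of the original page or of Jaeles' code. `makeDetector`, the record fields and the sample data are constructed for illustration, and the helper behaviours (body length as content length, an empty string for an unset variable, rejecting non-boolean results) are assumptions.

```javascript
// Added example: stand-ins for the documented helpers, not Jaeles' own code.
function makeDetector(res, origin, vars = {}) {
  const raw = (r) => r.headers + "\r\n\r\n" + r.body;
  // Selector names from the "Selector for search" table.
  const parts = {
    request: res.request, response: raw(res),
    resHeaders: res.headers, resBody: res.body,
    oRequest: origin.request, oResponse: raw(origin),
  };
  const part = (sel) => {
    if (!(sel in parts)) throw new Error("unknown selector: " + sel);
    return parts[sel];
  };
  const api = {
    StatusCode: () => res.status,
    ResponseTime: () => res.seconds,
    // Assumption: content length is taken as the body length.
    ContentLength: () => res.body.length,
    OriginStatusCode: () => origin.status,
    OriginResponseTime: () => origin.seconds,
    OriginContentLength: () => origin.body.length,
    StringSearch: (sel, s) => part(sel).includes(s),
    StringCount: (sel, s) => part(sel).split(s).length - 1,
    // Assumption: an unset variable reads as an empty string.
    ValueOf: (name) => String(vars[name] ?? ""),
  };
  // Evaluate one detection expression; refuse anything that is not a boolean.
  return function detect(expr) {
    const fn = new Function(...Object.keys(api), "return (" + expr + ");");
    const out = fn(...Object.values(api));
    if (typeof out !== "boolean") throw new TypeError("not boolean: " + expr);
    return out;
  };
}

// Constructed sample data: a baseline response and a fuzzed-request response.
const baseline = { request: "GET /?u=a HTTP/1.1", status: 200, seconds: 0.3,
  headers: "HTTP/1.1 200 OK", body: "<html>home</html>" };
const fuzzed = { request: "GET /?u=//example.com HTTP/1.1", status: 200,
  seconds: 4.2, headers: "HTTP/1.1 200 OK\r\nServer: demo",
  body: "<a href='//example.com'>next</a>" + "x".repeat(6000) };
const detect = makeDetector(fuzzed, baseline, { "404html": "120" });

console.log(detect('ContentLength() - OriginContentLength() > 5000'));
console.log(detect('ContentLength() - parseInt(ValueOf("unset")) > 1000'));
```

The second printed line is `false`: `parseInt("")` is `NaN`, so under this assumption a detection that depends on an unset variable never fires instead of raising an error.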
Special Detection
| API Detection | Description | Example |
| --- | --- | --- |
| Collab | Grep for a collaborator response in the request's response, or do real polling with the BurpCollab secret | `Collab("{{.oob}}")` |