Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rub-nds/autoleak
Find XS-Leaks in the browser by diffing DOM-Graphs in two states
- Host: GitHub
- URL: https://github.com/rub-nds/autoleak
- Owner: RUB-NDS
- License: gpl-3.0
- Created: 2023-09-06T11:24:05.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-11-27T08:28:03.000Z (about 1 year ago)
- Last Synced: 2024-04-14T05:17:30.549Z (9 months ago)
- Topics: xs-leaks
- Language: JavaScript
- Homepage: https://AutoLeak.org
- Size: 3.26 MB
- Stars: 10
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Autoleak
> Find XS-Leaks in the browser by diffing DOM-Graphs in two states
## Paper
- soon to be published at CCS 2023

## Docker Compose Setup
1. Change the environment variables in the `.env` file (see below for details).
2. Run the complete setup like this:
```
docker compose up -d
# add --build to rebuild the images
```
- or with letsencrypt:
```
docker compose \
  -f docker-compose.yml \
  -f docker-compose.letsencrypt.yml \
  up --build -d
```
3. Open `https://127.0.0.1`, or your basedomain if you are using your own domain.

## Environment Variables
```
FRONTEND_USERNAM=admin # username for basic auth
FRONTEND_PASSWORD=password # password for basic auth
DEMO_MODE=0 # enable/disable readonly mode
BASEDOMAIN=example.com # basedomain for the frontend
CROSSORIGINDOMAIN=test.com # domain for the cross origin iframe
TEST_CONFIG=testconfigs/config.json # path to the test config (see /testconfigs)
```

## Add new Tests
Adding new test parameters is easy. You can change inclusion methods, differences, and browsers just by editing the [config.json](./testconfigs/config.json).

## Test Config
Example config that shows some options:
```json
{
  "browsers": [
    "chrome",
    "firefox",
    "webkit",
    "brave"
  ],
  "differences": [
    {
      "name": "XFrameOptionsDENY",
      "response0": {
        "status": 200,
        "headers": [
          {
            "name": "X-Frame-Options",
            "value": "DENY"
          }
        ]
      },
      "response1": {
        "status": 200,
        "headers": []
      }
    },
    {
      "name": "StatusCode500vs200",
      "response0": {
        "status": 500,
        "headers": []
      },
      "response1": {
        "status": 200,
        "headers": []
      }
    },
    {
      "name": "ForceFileTypeCSS",
      "response0": {
        "status": 200,
        "headers": [],
        "filetype": {
          "name": "css",
          "contenttype": "text/css",
          "filetemplate": "test.css"
        }
      },
      "response1": {
        "status": 200,
        "headers": []
      }
    },
    {
      "name": "HTMLwithIframe",
      "response0": {
        "status": 200,
        "headers": [],
        "filetype": {
          "name": "iframeHTML",
          "contenttype": "text/html",
          "filetemplate": "iframe.html"
        }
      },
      "response1": {
        "status": 200,
        "headers": []
      }
    }
  ],
  "inclusionmethods": [
    {
      "name": "iframe",
      "template": "iframe.html"
    },
    {
      "name": "iframeSandbox",
      "template": "iframesandbox.html"
    },
    {
      "name": "object",
      "template": "object.html"
    },
    {
      "name": "image",
      "template": "image.html"
    },
    {
      "name": "stylesheet",
      "template": "stylesheet.html"
    }
  ],
  "filetypes": [
    {
      "name": "html",
      "contenttype": "text/html",
      "filetemplate": "test.html"
    },
    {
      "name": "css",
      "contenttype": "text/css",
      "filetemplate": "test.css"
    },
    {
      "name": "text",
      "contenttype": "text/plain",
      "filetemplate": "test.txt"
    }
  ]
}
```
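
A pre-flight check for an edited `config.json`, added here as an example (it is not part of the AutoLeak repository): it lists which response attribute each `differences` entry actually toggles between `response0` and `response1`, and flags entries whose two states are identical or whose name is duplicated. It reads only the field names shown in the example config above; the function names and the `NoOp` entry are constructed for illustration.

```javascript
// Added example: summarize what each "difference" in a test config toggles.
// Only field names visible in the README's example config are used.

// Constructed sample: two entries copied from the README plus one
// deliberately useless entry (identical states) to show the check firing.
const sampleConfig = {
  differences: [
    { name: "XFrameOptionsDENY",
      response0: { status: 200, headers: [{ name: "X-Frame-Options", value: "DENY" }] },
      response1: { status: 200, headers: [] } },
    { name: "ForceFileTypeCSS",
      response0: { status: 200, headers: [],
        filetype: { name: "css", contenttype: "text/css", filetemplate: "test.css" } },
      response1: { status: 200, headers: [] } },
    { name: "NoOp (constructed)",
      response0: { status: 200, headers: [] },
      response1: { status: 200, headers: [] } }
  ]
};

// Flatten one response definition into a set of comparable facts.
function facts(resp) {
  const out = new Set([`status=${resp.status}`]);
  for (const h of resp.headers || []) {
    out.add(`header:${h.name.toLowerCase()}=${h.value}`);
  }
  const ft = resp.filetype;
  if (ft) out.add(`filetype=${ft.contenttype}:${ft.filetemplate}`);
  return out;
}

// For every difference, list the facts present in only one of the two states.
function summarizeDifferences(config) {
  const seen = new Set();
  return (config.differences || []).map((d) => {
    const a = facts(d.response0), b = facts(d.response1);
    const only0 = [...a].filter((f) => !b.has(f));
    const only1 = [...b].filter((f) => !a.has(f));
    const problems = [];
    if (only0.length + only1.length === 0) problems.push("states are identical");
    if (seen.has(d.name)) problems.push("duplicate name");
    seen.add(d.name);
    return { name: d.name, only0, only1, problems };
  });
}

for (const r of summarizeDifferences(sampleConfig)) {
  console.log(r.name, "| only response0:", r.only0, "| only response1:", r.only1, r.problems);
}
```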