Updating Cookie Flags Module

Add more information about the cookie
OussamaBeng · May 6, 2024 · faec0b3 · faec0b3
1 parent 2f2dd00
commit faec0b3
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/wapitiCore/attack/mod_cookieflags.py b/wapitiCore/attack/mod_cookieflags.py
@@ -16,6 +16,9 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 from http.cookiejar import Cookie
 from typing import Optional
+from urllib.parse import urljoin
+
+from httpx import RequestError
 
 from wapitiCore.attack.attack import Attack
 from wapitiCore.net import Request, Response
@@ -54,22 +57,27 @@ async def must_attack(self, request: Request, response: Optional[Response] = Non
 
     async def attack(self, request: Request, response: Optional[Response] = None):
         self.finished = True
+
         for cookie in self.crawler.cookie_jar:
             log_blue(f"Checking cookie : {cookie.name}")
+            cookie_url = urljoin(request.url, cookie.path)
+            cookie_request = Request(cookie_url)
             if not self.check_httponly_flag(cookie):
                 log_red(INFO_COOKIE_HTTPONLY.format(cookie.name))
                 await self.add_vuln_low(
                     category=COOKIE_HTTPONLY_DISABLED,
-                    request=request,
+                    request=cookie_request,
                     info=INFO_COOKIE_HTTPONLY.format(cookie.name),
+                    parameter=cookie.name,
                     wstg=COOKIE_HTTPONLY_WSTG
                 )
 
             if not self.check_secure_flag(cookie):
                 log_red(INFO_COOKIE_SECURE.format(cookie.name))
                 await self.add_vuln_low(
                     category=COOKIE_SECURE_DISABLED,
-                    request=request,
+                    request=cookie_request,
                     info=INFO_COOKIE_SECURE.format(cookie.name),
+                    parameter=cookie.name,
                     wstg=COOKIE_SECURE_WSTG
                 )