Open
Description
Is there an existing template for this?
- I have searched the existing templates.
Nuclei Template
id: google-iap-detection
info:
name: Google IAP Detection
author: davidfegyver
severity: info
description: |
Detects if the target uses Google's Identity-Aware Proxy
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
part: header
words:
- "X-Goog-Iap-Generated-Response: true" # Documentation: https://cloud.google.com/iap/docs/query-parameters-and-headers-howto#detecting_responses
extractors: #included as an alternative to https://github.com/projectdiscovery/nuclei-templates/issues/11443
- type: regex
part: header
name: client_id
regex:
- "client_id=([^&]+)"
group: 1
- method: GET
path:
- "{{BaseURL}}"
redirects: true
max-redirects: 2 # Two redirects are needed to get to the Google OAuth login page
extractors: # I'm sure this part can be simplified, please help me do so :)
- type: regex
part: body
name: redirect_to
regex:
- "{key: 'ds:1', hash: '\\d+', data:\\[\"([^\"]+)\",[^,]+,[^,]+,\"([^\"]+)\"]"
group: 1
- type: regex
part: body
name: contact_email
regex:
- "{key: 'ds:1', hash: '\\d+', data:\\[\"([^\"]+)\",[^,]+,[^,]+,\"([^\"]+)\"]"
group: 2
- type: regex
part: body
name: app_name
regex:
- "{key: 'ds:5', hash: '\\d+', data:\\[[^,]+,[^,]+,\"([^\"]+)\"]"
group: 1Relevant dumped responses
<!-- The Google OAuth login page includes the following code: -->
<script class="ds:1" nonce="xxx">
AF_initDataCallback({ key: 'ds:1', hash: '4', data: ["david-dev", null, null, "[email protected]"], sideChannel: {} });
</script>
<script class="ds:5" nonce="xxx">
AF_initDataCallback({ key: 'ds:5', hash: '5', data: [2, null, "David Dev App"], sideChannel: {} });
</script>Anything else?
No response