/**
 * Looks for a recently tried parameter whose canary appears in the response of
 * {@code paramGuess} even though the request that produced that response did not carry it,
 * and reports the first such parameter as a scan issue.
 *
 * <p>The canary searched for is {@code Utilities.toCanary(name) + attackID}, where
 * {@code name} is the part of the queued entry before the first {@code '~'}. Requiring the
 * canary to be absent from the request rules out plain reflection of the current request,
 * so a hit presumably means the value was retained from an earlier request.
 *
 * <p>Side effects on a hit: a line is written via {@code Utilities.out}, the entry is
 * removed from {@code recentParams}, a "Secret parameter" issue is added through
 * {@code Utilities.callbacks}, and the entry is added to {@code alreadyReported}. Only the
 * first hit per call is handled.
 *
 * @param baseRequestResponse supplies the HTTP service and URL attached to the issue
 * @param paramGuess attack whose first request/response pair is inspected
 * @param attackID suffix appended to each canary
 * @param recentParams queue of recently tried entries; a reported entry is removed from it
 * @param currentParams entries to skip; {@code null} is treated as an empty list
 * @param alreadyReported entries reported earlier; skipped, and extended on a hit
 * @return {@code true} if an issue was raised, {@code false} otherwise
 */
private static boolean findPersistent(IHttpRequestResponse baseRequestResponse, Attack paramGuess, String attackID, CircularFifoQueue<String> recentParams, ArrayList<String> currentParams, HashSet<String> alreadyReported) {
    final ArrayList<String> skipList = (currentParams == null) ? new ArrayList<String>() : currentParams;

    // No response, or a response without the fixed "wrtqva" marker, cannot contain a canary hit.
    // The marker is plain ASCII; getBytes() here still uses the platform default charset.
    final byte[] responseBytes = paramGuess.getFirstRequest().getResponse();
    if (responseBytes == null || !Utilities.containsBytes(responseBytes, "wrtqva".getBytes())) {
        return false;
    }

    final byte[] requestBytes = paramGuess.getFirstRequest().getRequest();

    // An explicit iterator is required because the reported entry is removed while iterating.
    Iterator<String> pending = recentParams.iterator();
    while (pending.hasNext()) {
        final String candidate = pending.next();

        boolean skip = skipList.contains(candidate) || alreadyReported.contains(candidate);
        if (skip) {
            continue;
        }

        // Only the part before the first '~' is turned into the canary.
        String nameOnly = candidate.split("~", 2)[0];
        byte[] marker = Utilities.helpers.stringToBytes(Utilities.toCanary(nameOnly) + attackID);

        // A canary that is also in the request is ordinary reflection, not persistence.
        if (!Utilities.containsBytes(responseBytes, marker) || Utilities.containsBytes(requestBytes, marker)) {
            continue;
        }

        Utilities.out("Identified persistent parameter on " + Utilities.getURL(baseRequestResponse) + ":" + candidate);
        pending.remove();

        // NOTE(review): the entry is concatenated into the issue detail unescaped; confirm how
        // the detail is rendered if queued names can originate from untrusted content.
        String detail = "Found persistent parameter: '" + candidate
                + "'. Disregard the request and look for "
                + Utilities.helpers.bytesToString(marker)
                + " in the response";

        Utilities.callbacks.addScanIssue(
                new CustomScanIssue(
                        baseRequestResponse.getHttpService(),
                        Utilities.getURL(baseRequestResponse),
                        paramGuess.getFirstRequest(),
                        "Secret parameter",
                        detail,
                        "High",
                        "Firm",
                        "Investigate"));
        alreadyReported.add(candidate);
        return true;
    }

    return false;
}