Skip to content

Commit 3515d72

Browse files
devploitdevploit
committed
Implement binary search algorithm for parameter optimization
1 parent f8e7d4c commit 3515d72

File tree

3 files changed

+232
-164
lines changed

3 files changed

+232
-164
lines changed

background.js

Lines changed: 186 additions & 118 deletions
Original file line numberDiff line numberDiff line change
@@ -1,130 +1,198 @@
11
// List of query parameters to append
22
const queryParams = [
3-
{ key: "_debug", value: "1" },
4-
{ key: "test", value: "1" },
5-
{ key: "admin", value: "1" },
6-
{ key: "debug", value: "1" },
7-
{ key: "env", value: "pre" },
8-
{ key: "env", value: "debug" },
9-
{ key: "dev", value: "1" },
10-
{ key: "staging", value: "1" },
11-
{ key: "console", value: "1" },
12-
{ key: "trace", value: "1" },
13-
{ key: "log", value: "1" },
14-
{ key: "verbose", value: "1" },
15-
{ key: "diagnostic", value: "1" },
16-
{ key: "mode", value: "debug" },
17-
{ key: "profiler", value: "1" },
18-
{ key: "debug_mode", value: "1" },
19-
{ key: "debuglevel", value: "1" },
20-
{ key: "error_reporting", value: "1" },
21-
{ key: "show_errors", value: "1" },
22-
{ key: "performance", value: "1" },
23-
{ key: "sandbox", value: "1" },
24-
{ key: "beta", value: "1" },
25-
{ key: "qa", value: "1" },
26-
{ key: "dev_mode", value: "1" },
27-
{ key: "validate", value: "1" },
28-
{ key: "analysis", value: "1" },
29-
{ key: "experiment", value: "1" },
30-
{ key: "test_mode", value: "1" },
31-
{ key: "debug_flag", value: "1" },
32-
{ key: "development", value: "1" },
33-
{ key: "debuginfo", value: "1" },
34-
{ key: "monitoring", value: "1" },
35-
{ key: "internal", value: "1" },
36-
{ key: "debug_status", value: "1" },
37-
{ key: "debug_output", value: "1" },
38-
{ key: "testing", value: "1" },
39-
];
40-
41-
// Counter for the number of modified URLs
3+
{ key: "_debug", value: "1" },
4+
{ key: "test", value: "1" },
5+
{ key: "admin", value: "1" },
6+
{ key: "debug", value: "1" },
7+
{ key: "env", value: "pre" },
8+
{ key: "dev", value: "1" },
9+
{ key: "staging", value: "1" },
10+
{ key: "console", value: "1" },
11+
{ key: "trace", value: "1" },
12+
{ key: "log", value: "1" },
13+
{ key: "verbose", value: "1" },
14+
{ key: "diagnostic", value: "1" },
15+
{ key: "mode", value: "debug" },
16+
{ key: "profiler", value: "1" },
17+
{ key: "debug_mode", value: "1" },
18+
{ key: "debuglevel", value: "1" },
19+
{ key: "error_reporting", value: "1" },
20+
{ key: "show_errors", value: "1" },
21+
{ key: "performance", value: "1" },
22+
{ key: "sandbox", value: "1" },
23+
{ key: "beta", value: "1" },
24+
{ key: "qa", value: "1" },
25+
{ key: "dev_mode", value: "1" },
26+
{ key: "validate", value: "1" },
27+
{ key: "analysis", value: "1" },
28+
{ key: "experiment", value: "1" },
29+
{ key: "test_mode", value: "1" },
30+
{ key: "debug_flag", value: "1" },
31+
{ key: "development", value: "1" },
32+
{ key: "debuginfo", value: "1" },
33+
{ key: "monitoring", value: "1" },
34+
{ key: "internal", value: "1" },
35+
{ key: "debug_status", value: "1" },
36+
{ key: "debug_output", value: "1" },
37+
{ key: "testing", value: "1" },
38+
];
39+
40+
// Counter for the number of modified URLs
41+
let count = 0;
42+
43+
// Function to increment the counter and update the badge text
44+
function incrementCount() {
45+
count += 1;
46+
chrome.browserAction.setBadgeText({ text: count.toString() });
47+
chrome.browserAction.setBadgeBackgroundColor({ color: 'red' });
48+
}
49+
50+
// Function to append a specific query parameter to a URL
51+
function appendQueryParam(url, param) {
52+
const urlObj = new URL(url);
53+
urlObj.searchParams.set(param.key, param.value);
54+
return urlObj.href;
55+
}
56+
57+
// Store modified URLs
58+
const modifiedUrls = new Set();
59+
60+
// Count how many queryParams are in the modifiedUrl
61+
function countModifiedParams(modifiedUrl) {
62+
const urlObj = new URL(modifiedUrl);
4263
let count = 0;
43-
44-
// Function to increment the counter and update the badge text
45-
function incrementCount() {
46-
count += 1;
47-
chrome.browserAction.setBadgeText({ text: count.toString() });
48-
chrome.browserAction.setBadgeBackgroundColor({ color: 'red' });
49-
}
50-
51-
// Function to append a specific query parameter to a URL
52-
function appendQueryParam(url, param) {
53-
const urlObj = new URL(url);
54-
urlObj.searchParams.set(param.key, param.value);
55-
return urlObj.href;
56-
}
57-
58-
// Store modified URLs
59-
const modifiedUrls = new Set();
60-
61-
// Function to add a modified URL
62-
function addModifiedUrl(url) {
63-
if (!modifiedUrls.has(url)) {
64-
modifiedUrls.add(url);
65-
chrome.browserAction.setBadgeText({text: modifiedUrls.size.toString()});
64+
for (const param of queryParams) {
65+
if (urlObj.searchParams.has(param.key) && urlObj.searchParams.get(param.key) === param.value) {
66+
count++;
6667
}
6768
}
68-
69-
// Function to get modified URLs
70-
function getModifiedUrls() {
71-
return Array.from(modifiedUrls);
72-
}
73-
74-
// Function to clear modified URLs
75-
function clearModifiedUrls() {
76-
modifiedUrls.clear();
77-
count = 0; // Reset the counter when the modified URLs are cleared
78-
chrome.browserAction.setBadgeText({ text: '' }); // Clear the badge text
69+
return count;
70+
}
71+
72+
// Function to add a modified URL
73+
function addModifiedUrl(url) {
74+
if (!modifiedUrls.has(url) && countModifiedParams(url) == 1) {
75+
modifiedUrls.add(url);
76+
chrome.browserAction.setBadgeText({text: modifiedUrls.size.toString()});
7977
}
80-
81-
// Expose getModifiedUrls and clearModifiedUrls functions to popup
82-
window.getModifiedUrls = getModifiedUrls;
83-
window.clearModifiedUrls = clearModifiedUrls;
84-
85-
// Function to check if two responses are meaningfully different
86-
function isDifferentResponse(originalText, modifiedText) {
87-
// Calculate the similarity between the two responses
88-
const similarity = stringSimilarity.compareTwoStrings(originalText, modifiedText);
89-
90-
// Set a threshold for similarity; responses with similarity below this threshold are considered different
91-
const similarityThreshold = 0.90;
92-
93-
// Return true if the similarity is below the threshold
94-
return similarity < similarityThreshold;
78+
}
79+
80+
// Function to get modified URLs
81+
function getModifiedUrls() {
82+
return Array.from(modifiedUrls);
83+
}
84+
85+
// Function to clear modified URLs
86+
function clearModifiedUrls() {
87+
modifiedUrls.clear();
88+
count = 0; // Reset the counter when the modified URLs are cleared
89+
chrome.browserAction.setBadgeText({ text: '' }); // Clear the badge text
90+
}
91+
92+
// Expose getModifiedUrls and clearModifiedUrls functions to popup
93+
window.getModifiedUrls = getModifiedUrls;
94+
window.clearModifiedUrls = clearModifiedUrls;
95+
96+
// Function to check if two responses are meaningfully different
97+
function isDifferentResponse(originalText, modifiedText) {
98+
// Calculate the similarity between the two responses
99+
const similarity = stringSimilarity.compareTwoStrings(originalText, modifiedText);
100+
101+
// Set a threshold for similarity; responses with similarity below this threshold are considered different
102+
const similarityThreshold = 0.90;
103+
104+
// Return true if the similarity is below the threshold
105+
return similarity < similarityThreshold;
106+
}
107+
108+
// Function to fetch URL and compare responses with and without each parameter
109+
async function checkUrlWithParameters(url, parameters) {
110+
const originalResponse = await fetch(url);
111+
const originalText = await originalResponse.text();
112+
113+
// Check the response with all parameters combined
114+
const combinedUrl = parameters.reduce((currentUrl, param) => {
115+
return appendQueryParam(currentUrl, param);
116+
}, url);
117+
const combinedResponse = await fetch(combinedUrl);
118+
const combinedText = await combinedResponse.text();
119+
120+
if (!isDifferentResponse(originalText, combinedText)) {
121+
// If the response is the same, there is no need to perform the binary search
122+
return;
95123
}
96-
97-
// Function to fetch URL and compare responses with and without each parameter
98-
async function checkUrlWithParameters(url) {
99-
const originalResponse = await fetch(url);
100-
const originalText = await originalResponse.text();
101-
102-
// Check all parameters combined
103-
const combinedUrl = queryParams.reduce((currentUrl, param) => {
124+
125+
// Define the start and end indices for the binary search
126+
let startIndex = 0;
127+
let endIndex = parameters.length - 1;
128+
129+
// Perform the binary search
130+
while (startIndex <= endIndex) {
131+
// Calculate the middle index
132+
const middleIndex = Math.floor((startIndex + endIndex) / 2);
133+
134+
// Construct the modified URL using the parameters up to the middle index
135+
const modifiedUrl = parameters.slice(0, middleIndex + 1).reduce((currentUrl, param) => {
104136
return appendQueryParam(currentUrl, param);
105137
}, url);
106-
107-
const combinedResponse = await fetch(combinedUrl);
108-
const combinedText = await combinedResponse.text();
109-
110-
if (isDifferentResponse(originalText, combinedText)) {
111-
// Check each parameter individually
112-
for (const param of queryParams) {
113-
const modifiedUrl = appendQueryParam(url, param);
114-
const modifiedResponse = await fetch(modifiedUrl);
115-
const modifiedText = await modifiedResponse.text();
116-
117-
if (isDifferentResponse(originalText, modifiedText)) {
118-
addModifiedUrl(modifiedUrl);
119-
}
120-
}
138+
139+
// Fetch the modified response and compare it to the original response
140+
const modifiedResponse = await fetch(modifiedUrl);
141+
const modifiedText = await modifiedResponse.text();
142+
143+
if (isDifferentResponse(originalText, modifiedText)) {
144+
// If the response is different, add the modified URL and search for more modifications
145+
addModifiedUrl(modifiedUrl);
146+
endIndex = middleIndex - 1;
147+
} else {
148+
// If the response is the same, continue searching in the upper half of the list
149+
startIndex = middleIndex + 1;
121150
}
122151
}
123-
124-
// Listen for tab updates to perform background checks
125-
chrome.tabs.onUpdated.addListener(async (tabId, changeInfo, tab) => {
126-
if (changeInfo.status === "complete") {
127-
checkUrlWithParameters(tab.url);
152+
153+
// Check each parameter individually until the first parameter that modifies the response is found
154+
let found = false;
155+
for (const param of parameters) {
156+
const modifiedUrl = appendQueryParam(url, param);
157+
const modifiedResponse = await fetch(modifiedUrl);
158+
const modifiedText = await modifiedResponse.text();
159+
160+
if (isDifferentResponse(originalText, modifiedText)) {
161+
// If the response is different, add the modified URL to the set
162+
addModifiedUrl(modifiedUrl);
163+
found = true;
164+
break;
128165
}
129-
});
130-
166+
}
167+
168+
// If there are only two parameters left and we have a modified response when using only one of them,
169+
// try the other parameter
170+
if (!found && parameters.length === 2) {
171+
const modifiedUrl = appendQueryParam(url, parameters[0]);
172+
const modifiedResponse = await fetch(modifiedUrl);
173+
const modifiedText = await modifiedResponse.text();
174+
175+
if (!isDifferentResponse(originalText, modifiedText)) {
176+
const otherModifiedUrl = appendQueryParam(url, parameters[1]);
177+
const otherModifiedResponse = await fetch(otherModifiedUrl);
178+
const otherModifiedText = await otherModifiedResponse.text();
179+
180+
if (isDifferentResponse(originalText, otherModifiedText)) {
181+
addModifiedUrl(otherModifiedUrl);
182+
}
183+
} else {
184+
addModifiedUrl(modifiedUrl);
185+
}
186+
}
187+
}
188+
189+
// Listen for tab updates to perform background checks
190+
chrome.tabs.onUpdated.addListener(async (tabId, changeInfo, tab) => {
191+
if (changeInfo.status === "complete") {
192+
checkUrlWithParameters(tab.url, queryParams);
193+
}
194+
});
195+
196+
// Expose getModifiedUrls and clearModifiedUrls functions to popup
197+
window.getModifiedUrls = getModifiedUrls;
198+
window.clearModifiedUrls = clearModifiedUrls;

manifest.json

Lines changed: 20 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -1,23 +1,23 @@
11
{
2-
"manifest_version": 2,
3-
"name": "debugHunter",
4-
"version": "1.0.0",
5-
"description": "Discover hidden debugging parameters and uncover web application secrets",
6-
"icons": {
7-
"48": "images/icon.png"
8-
},
9-
"permissions": [
10-
"webRequest",
11-
"webRequestBlocking",
12-
"<all_urls>"
13-
],
14-
"background": {
15-
"scripts": ["similarity.min.js", "background.js"],
16-
"persistent": true
17-
},
18-
"browser_action": {
19-
"default_icon": "images/icon.png",
20-
"default_popup": "popup.html"
21-
}
2+
"manifest_version": 2,
3+
"name": "debugHunter",
4+
"version": "1.0.0",
5+
"description": "Discover hidden debugging parameters and uncover web application secrets",
6+
"icons": {
7+
"48": "images/icon.png"
8+
},
9+
"permissions": [
10+
"webRequest",
11+
"webRequestBlocking",
12+
"<all_urls>"
13+
],
14+
"background": {
15+
"scripts": ["similarity.min.js", "background.js"],
16+
"persistent": true
17+
},
18+
"browser_action": {
19+
"default_icon": "images/icon.png",
20+
"default_popup": "popup.html"
2221
}
22+
}
2323

0 commit comments

Comments
 (0)