Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Public .idea Folder containing http logs

By kannthu

Informative
Vidoc logoVidoc Module
#phpstorm#jetbrains#idea#exposure
Description

What is the "Public .idea Folder containing http logs?" module?

The "Public .idea Folder containing http logs" module is designed to detect the presence of a specific folder in the software project called ".idea" that contains two files: "http-requests-log.http" and "http-client.cookies". This module targets projects using the PhpStorm or JetBrains IDEA software. It is an informative module, meaning it provides information rather than detecting a vulnerability or misconfiguration. The module was authored by martincodes-de.

Impact

This module does not have a direct impact on the security or functionality of the software project. It simply searches for the presence of the ".idea" folder and its associated files, which may contain HTTP request logs and cookies. The exposure of these files could potentially reveal sensitive information about the project's HTTP interactions, but it does not pose an immediate security risk.

How does the module work?

The module works by sending HTTP requests to specific paths within the project, namely "/.idea/httpRequests/http-requests-log.http" and "/.idea/httpRequests/http-client.cookies". It then applies matching conditions to the response body to determine if the files contain certain patterns.

For example, the module uses regular expression matching to search for lines in the response body that start with "GET" or "POST" followed by "http://" or "https://". It also uses word matching to look for lines that contain the phrase "# domain\tpath\tname\tvalue\tdate".

If either of these matching conditions is met, the module considers the ".idea" folder and its files to be present.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/.idea/httpRequests/.../.idea/httpRequests/...
Matching conditions
regex: (?m)^(GET|POST) https?:\/\/or
word: # domain path name value date
Passive global matcher
No matching conditions.
On match action
Report vulnerability