By kannthu
The "Public .idea Folder containing http logs" module detects a publicly reachable ".idea" project folder that contains two files: "http-requests-log.http" and "http-client.cookies". It targets projects developed with PhpStorm or JetBrains IDEA. It is an informative module, meaning it provides information rather than detecting a vulnerability or misconfiguration. The module was authored by martincodes-de.
The module itself has no direct impact on the security or functionality of the software project. It only checks for the ".idea" folder and its associated files, which may contain HTTP request logs and cookies. Exposure of these files could reveal sensitive information about the project's HTTP interactions, but it does not pose an immediate security risk.
The module works by sending HTTP requests to specific paths within the project, namely "/.idea/httpRequests/http-requests-log.http" and "/.idea/httpRequests/http-client.cookies". It then applies matching conditions to the response body to determine if the files contain certain patterns.
For example, the module uses regular expression matching to search for lines in the response body that start with "GET" or "POST" followed by "http://" or "https://". It also uses word matching to look for lines that contain the phrase "# domain\tpath\tname\tvalue\tdate".
If either of these matching conditions is met, the module considers the ".idea" folder and its files to be present.
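The two matching conditions described above can be reproduced offline against response bodies, which is useful for checking what the module would report on your own deployment. This is an added example, not the module's own code; the function names, the sample bodies, and the reading of "\t" as a tab character are assumptions.

```python
import re

# The two paths the module requests, as listed on the page.
LOG_PATH = "/.idea/httpRequests/http-requests-log.http"
COOKIE_PATH = "/.idea/httpRequests/http-client.cookies"

# Regex matcher: a line that starts with GET or POST followed by an http(s) URL.
# MULTILINE makes ^ match at every line start, not only at the start of the body.
# Assumption: method and URL are separated by spaces or tabs.
REQUEST_LINE = re.compile(r"^(GET|POST)[ \t]+https?://", re.MULTILINE)

# Word matcher: the cookie-file header. Assumption: \t on the page means a tab.
COOKIE_HEADER = "# domain\tpath\tname\tvalue\tdate"

def match_body(body):
    """Return the names of the matchers that fire on one response body."""
    hits = []
    if REQUEST_LINE.search(body):
        hits.append("request-log")
    if COOKIE_HEADER in body:
        hits.append("cookie-header")
    return hits

def audit(responses):
    """Keep only the paths where at least one matcher fired (OR condition)."""
    findings = {}
    for path, body in responses.items():
        hits = match_body(body)
        if hits:
            findings[path] = hits
    return findings

# Constructed sample bodies (not real captures).
SAMPLE_LOG = (
    "POST https://api.example.test/login\r\n"
    "Content-Type: application/json\r\n\r\n"
    "###\r\n\r\n"
    "GET http://api.example.test/users\r\n"
)
SAMPLE_COOKIES = COOKIE_HEADER + "\nexample.test\t/\tsession\tREDACTED\t-1\n"
# A custom error page served for a missing file: mentions a request, but not at line start.
SAMPLE_ERROR_PAGE = "<html><body>Not found. Retry with GET https://example.test/</body></html>"

if __name__ == "__main__":
    print(audit({LOG_PATH: SAMPLE_LOG, COOKIE_PATH: SAMPLE_COOKIES}))
    print(audit({LOG_PATH: SAMPLE_ERROR_PAGE}))
```

match_body can also be run over the contents of files in a build output directory, so a stray ".idea" folder is caught before it is published.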