// Module setup for the outbound-domain check: drive a real browser through a
// scripted transaction, record every domain it requests, and compare that list
// against an allowlist kept in ./domainwhitelist.txt.

// psl (Public Suffix List) splits a hostname into its subdomain and
// registrable domain parts.
var psl = require('psl')
// Set up Selenium with logging
var webdriver = require('selenium-webdriver');
const { Builder, By, Key, until } = require('selenium-webdriver')
// Turn every log channel up to ALL. The 'performance' channel is the one read
// back later: it carries the DevTools network events the domain list is built
// from.
var pref = new webdriver.logging.Preferences();
pref.setLevel('browser', webdriver.logging.Level.ALL);
pref.setLevel('driver', webdriver.logging.Level.ALL);
pref.setLevel('performance', webdriver.logging.Level.ALL);
var fs = require('fs')
// Shared state filled in by the three steps of the run.
// Entries are compared by exact string match, in the "subdomain.domain" form
// that the outbound list is built in.
let domainwhitelist = [] // allowlisted ('good') domains, one per line of the file
let domainoutboundlist =[] // unique domains the browser requested
let domaininvestigatelist =[] // outbound domains that were not on the allowlist
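/**
 * Return the host part of a URL string: no scheme, credentials, port, path,
 * query string or fragment.
 *
 * Absolute URLs go through the WHATWG URL parser, so userinfo
 * (`https://user:pw@host/`) and a fragment (`https://host#x`) can no longer
 * leak into the result and make a request look like it went to another host.
 * For http(s) URLs the parser also lower-cases the host, so allowlist entries
 * should be written in lower case.
 *
 * Input the parser cannot resolve to a host (scheme-less strings such as
 * `example.com/path`, or `data:` / `blob:` URLs) falls back to plain string
 * splitting.
 *
 * @param {string} url - URL or bare host string.
 * @returns {string} The host name.
 */
function extractHostname(url) {
  try {
    const { hostname } = new URL(url);
    if (hostname) {
      return hostname;
    }
  } catch (err) {
    // Not an absolute URL: handled by the string fallback below.
  }

  // Take the authority: the segment after "scheme://" when present, otherwise
  // everything up to the first "/".
  const authority = url.indexOf('//') > -1 ? url.split('/')[2] : url.split('/')[0];

  // Drop the port, then any query string glued directly to the host.
  return authority.split(':')[0].split('?')[0];
}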
/**
 * Pause for a fixed time.
 *
 * @param {number} ms - Delay in milliseconds.
 * @returns {Promise<void>} Resolves once the timer has fired.
 */
async function wait(ms) {
  await new Promise((done) => {
    setTimeout(done, ms);
  });
}
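/**
 * Load the list of acceptable domains from ./domainwhitelist.txt into the
 * module-level `domainwhitelist` array, one trimmed entry per line.
 *
 * The read is awaited, so the list is complete when the returned promise
 * resolves, and a missing or unreadable file rejects that promise instead of
 * throwing from inside a callback after the caller has already moved on.
 *
 * The path is relative, so it is resolved against the directory the process
 * was started from, not against this file.
 *
 * @returns {Promise<void>}
 */
async function load_domainwhitelist() {
  const contents = await fs.promises.readFile('./domainwhitelist.txt');
  domainwhitelist = contents
    .toString()
    .split("\n")
    .map((entry) => entry.trim())
    // Blank lines (a trailing newline, for instance) are not domains.
    .filter((entry) => entry !== '');
}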
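/**
 * Drive Chrome through the scripted transaction and record, in the
 * module-level `domainoutboundlist`, every distinct domain the browser
 * requested while doing so.
 *
 * The domains come from the DevTools performance log: each entry whose method
 * is "Network.requestWillBeSent" contributes the host of its request URL.
 *
 * NOTE(review): only Network.requestWillBeSent entries are inspected. Traffic
 * that DevTools reports through other events (WebSocket handshakes, for
 * example) would not be listed; confirm whether that matters for the page
 * under test.
 *
 * @returns {Promise<void>}
 */
async function generate_domainoutboundlist() {
  const driver = await new webdriver.Builder()
    .withCapabilities(webdriver.Capabilities.chrome())
    .setLoggingPrefs(pref).build();

  let logs;
  try {
    //Automate the transaction we want to monitor
    //Build the web automation script here
    // NOTE(review): this call appears to have no effect; the logs are fetched below.
    await driver.manage().logs();
    await driver.manage().setTimeouts({ implicit: 2000 });//, pageLoad: 10, script: 10 } )
    await driver.get("http://localhost:3000");
    await wait(3000);
    await driver.findElement(By.id("firstname")).click();
    await driver.findElement(By.id("firstname")).sendKeys("John");
    await wait(1000);
    await driver.findElement(By.id("lastname")).click();
    await driver.findElement(By.id("lastname")).sendKeys("Smith");
    await wait(1000);
    await driver.findElement(By.id("secretaccountnumber")).click();
    await driver.findElement(By.id("secretaccountnumber")).sendKeys("90210");
    await wait(5000);
    await driver.findElement(By.id("submit")).click();
    // Leave time for requests triggered by the submit to be issued.
    await wait(10000);
    logs = await driver.manage().logs().get('performance');
    //End of automation script
  } finally {
    // Close the browser even when a step above fails, so a broken run does
    // not leave a Chrome session behind.
    await driver.quit();
  }

  //Get the list of domains the browser has requested during the execution of the script
  for (const entry of logs) {
    const message = JSON.parse(entry.message);
    if (message.message.method !== "Network.requestWillBeSent") {
      continue;
    }
    const parsed = psl.parse(extractHostname(message.message.params.request.url));
    // NOTE(review): psl.parse() appears to report null for parts it cannot
    // determine (no subdomain on an apex domain, no registrable domain for a
    // single-label host such as localhost), which yields keys like
    // "null.example.com" or "null.null", and unrelated unparseable hosts then
    // share one key. Kept as is because existing domainwhitelist.txt files are
    // matched against exactly this format.
    const domainrequested = parsed.subdomain + '.' + parsed.domain;
    if (!domainoutboundlist.includes(domainrequested)) {
      domainoutboundlist.push(domainrequested);
    }
  }
}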
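/**
 * Compare the requested domains with the allowlist and print the result.
 *
 * Every entry of `domainoutboundlist` that is not found in `domainwhitelist`
 * is appended to `domaininvestigatelist`. The comparison is an exact,
 * case-sensitive string match on the trimmed entry, so an empty allowlist
 * flags every requested domain.
 *
 * @returns {Promise<void>}
 */
async function review_outboundlist() {
  //build array of non-whitelisted domains requested
  for (const requested of domainoutboundlist) {
    const candidate = requested.trim();
    if (!domainwhitelist.includes(candidate)) {
      domaininvestigatelist.push(candidate);
    }
  }

  //Action. If scripted, you could add an email alert here or some other type of notification
  if (domaininvestigatelist.length > 0) {
    console.log("\n\n\nThe browser made requests to the following domains which were not on your whitelist and should be investigated");
    for (const flagged of domaininvestigatelist) {
      console.log(flagged);
    }
  } else {
    console.log("\n\n\nAll domains requested by the browser were in your whitelist");
  }
}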
/**
 * Run the whole check: load the allowlist, record the domains the browser
 * requests, then report the ones that are not on the allowlist. The steps run
 * strictly one after another.
 *
 * @returns {Promise<void>}
 */
async function runtest() {
  const steps = [
    load_domainwhitelist,
    generate_domainoutboundlist,
    review_outboundlist,
  ];
  for (const step of steps) {
    await step();
  }
}
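// Entry point. A failed run (allowlist missing, browser not starting, a page
// element not found) must not look like a clean result to whatever scripted
// this check, so report the error and exit non-zero.
runtest().catch((err) => {
  console.error(err);
  process.exitCode = 1;
});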