nuclei-templates/http/misconfiguration/mixed-active-content.yaml

id: mixed-active-content

info:
  name: Mixed Active Content
  author: Liwermor
  severity: info
  description: |
    This check detects if there are any active content loaded over HTTP instead of HTTPS.
  reference:
    - https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content
    - https://portswigger.net/kb/issues/01000400_mixed-content
    - https://resources.infosecinstitute.com/topics/vulnerabilities/https-mixed-content-vulnerability/
    - https://docs.gitlab.com/ee/user/application_security/dast/checks/319.1.html
  metadata:
    max-request: 1
  tags: misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 3
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        negative: true
        regex:
          - "(?mi)<!--\\[if (lt|lte) IE [0-9]*\\]>\\s*<script[^>]*\\ssrc=\"http://"

      - type: regex
        part: body
        negative: true
        regex:
          - "<!--\\s*<script"

      - type: regex
        part: body
        regex:
          - "<script[^>]*src=['\"]http://[^'\">]+['\"]"
          - "<iframe[^>]*src=['\"]http://[^'\">]+['\"]"
          - "<object[^>]*data=['\"]http://[^'\">]+['\"]"

      - type: dsl
        dsl:
          - 'startswith(tostring(BaseURL), "https://")'

    extractors:
      - type: regex
        group: 1
        part: body
        regex:
          - "<script[^>]*src=['\"](http[^s'\">][^'\">]*)['\"]"
          - "<iframe[^>]*src=['\"](http[^s'\">][^'\">]*)['\"]"
          - "<object[^>]*data=['\"](http[^s'\">][^'\">]*)['\"]"
# digest: 4b0a00483046022100c4aba3f149519ee836ed2c069ea090e736aa326fe545384b049ad2c2b8019508022100f5262e85edb610b5d9c506885b2022ec91ea3d6e0ddaaa0624db994418eb5bd2:922c64590222798bb761d5b6d8e72950
Added active / passive mixed content check template (#8838) * Added http-third-party-scripts-check template * Update http-third-party-scripts-check.yaml removing addtional blank lines * added more matchers for other active resources + extractors * added template for passive mixed content as well --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-12-17 07:28:50 +00:00			`id: mixed-active-content`

			`info:`
			`name: Mixed Active Content`
			`author: Liwermor`
			`severity: info`
			`description: \|`
			`This check detects if there are any active content loaded over HTTP instead of HTTPS.`
			`reference:`
			`- https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content`
			`- https://portswigger.net/kb/issues/01000400_mixed-content`
			`- https://resources.infosecinstitute.com/topics/vulnerabilities/https-mixed-content-vulnerability/`
			`- https://docs.gitlab.com/ee/user/application_security/dast/checks/319.1.html`
TemplateMan Update [Sun Jan 14 13:49:26 UTC 2024] :robot: 2024-01-14 13:49:27 +00:00			`metadata:`
			`max-request: 1`
Added active / passive mixed content check template (#8838) * Added http-third-party-scripts-check template * Update http-third-party-scripts-check.yaml removing addtional blank lines * added more matchers for other active resources + extractors * added template for passive mixed content as well --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-12-17 07:28:50 +00:00			`tags: misconfig`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`

			`host-redirects: true`
			`max-redirects: 3`
Fewer FPs in mixed content Nuclei template 2024-01-19 10:03:28 +00:00			`matchers-condition: and`
Added active / passive mixed content check template (#8838) * Added http-third-party-scripts-check template * Update http-third-party-scripts-check.yaml removing addtional blank lines * added more matchers for other active resources + extractors * added template for passive mixed content as well --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-12-17 07:28:50 +00:00			`matchers:`
Mixed-active-content: fewer FPs 2024-04-26 11:22:50 +00:00			`- type: regex`
			`part: body`
			`negative: true`
			`regex:`
Better filtering of old IE-only http scripts 2024-07-11 15:30:43 +00:00			`- "(?mi)<!--\\[if (lt\|lte) IE [0-9]\\]>\\s<script[^>]*\\ssrc=\"http://"`
lint 2024-08-19 09:19:37 +00:00
Fewer FPs for http/misconfiguration/mixed-active-content.yaml 2024-08-19 08:53:03 +00:00			`- type: regex`
			`part: body`
			`negative: true`
			`regex:`
			`- "<!--\\s*<script"`
Mixed-active-content: fewer FPs 2024-04-26 11:22:50 +00:00
Added active / passive mixed content check template (#8838) * Added http-third-party-scripts-check template * Update http-third-party-scripts-check.yaml removing addtional blank lines * added more matchers for other active resources + extractors * added template for passive mixed content as well --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-12-17 07:28:50 +00:00			`- type: regex`
			`part: body`
			`regex:`
			`- "<script[^>]*src=['\"]http://[^'\">]+['\"]"`
			`- "<iframe[^>]*src=['\"]http://[^'\">]+['\"]"`
			`- "<object[^>]*data=['\"]http://[^'\">]+['\"]"`
Update mixed-active-content.yaml 2024-01-24 06:29:58 +00:00
Fewer FPs in mixed content Nuclei template 2024-01-19 10:03:28 +00:00			`- type: dsl`
lint 2024-01-19 10:09:09 +00:00			`dsl:`
Fewer FPs in mixed content Nuclei template 2024-01-19 10:03:28 +00:00			`- 'startswith(tostring(BaseURL), "https://")'`
Added active / passive mixed content check template (#8838) * Added http-third-party-scripts-check template * Update http-third-party-scripts-check.yaml removing addtional blank lines * added more matchers for other active resources + extractors * added template for passive mixed content as well --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-12-17 07:28:50 +00:00
			`extractors:`
			`- type: regex`
			`group: 1`
			`part: body`
			`regex:`
			`- "<script[^>]src=['\"](http[^s'\">][^'\">])['\"]"`
			`- "<iframe[^>]src=['\"](http[^s'\">][^'\">])['\"]"`
			`- "<object[^>]data=['\"](http[^s'\">][^'\">])['\"]"`
chore: sign templates 🤖 2024-08-20 17:36:39 +00:00			`# digest: 4b0a00483046022100c4aba3f149519ee836ed2c069ea090e736aa326fe545384b049ad2c2b8019508022100f5262e85edb610b5d9c506885b2022ec91ea3d6e0ddaaa0624db994418eb5bd2:922c64590222798bb761d5b6d8e72950`