detect deprecated XSS Protection headers

2022-05-16 12:12:06 -04:00 · 2022-05-16 12:12:06 -04:00 · 3c828b8ac0
parent 146f0bac38
commit 3c828b8ac0
1 changed files with 37 additions and 0 deletions
--- a/misconfiguration/xss-deprecated-header.yaml
+++ b/misconfiguration/xss-deprecated-header.yaml
@ -0,0 +1,37 @@
+id: xss-deprecated-header-detect
+
+info:
+  name: Detect Deprecated XSS Protection Header
+  author: joshlarsen
+  severity: low
+  description: Setting the XSS-Protection header is deprecated by most browsers. Setting the header to anything other than `0` can actually introduce an XSS vulnerability.
+  reference:
+    - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    - https://owasp.org/www-project-secure-headers/#x-xss-protection
+  tags: xss,misconfig
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        part: header
+        regex:
+          - "(?i)x-xss-protection: 0"
+        negative: true
+
+      - type: regex
+        part: header
+        regex:
+          - "(?i)x-xss-protection: 1+"
+
+    extractors:
+      - type: kval
+        part: header
+        kval:
+          - x_xss_protection
+