Session fixation detector (test script for OWASP ZAP)
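importPackage(org.parosproxy.paros.extension.history); //ExtensionHistory
importPackage(org.parosproxy.paros.control); //Control

// Heuristics used by the scan:
//  - a request whose body carries a parameter named like "pass..." is treated as a login;
//  - a response cookie whose name contains "sess" is treated as the session cookie.
// Both are name-based guesses; applications that use other names are missed.
var LOGIN_PARAM_RE = /\&[^=]+pass/i;
var LOGIN_PARAM_AT_START_RE = /^pass/i;
var SESSION_COOKIE_RE = /sess/i;

// Number of history records, counted from the login request itself (whose own
// response usually carries the new session cookie), that are inspected for a
// session cookie being set.
var FOLLOW_WINDOW = 30;

// Returns true when the POST body looks like it contains a password parameter.
function looksLikeLogin(postData) {
    var body = String(postData);
    return Boolean(body.match(LOGIN_PARAM_RE) || body.match(LOGIN_PARAM_AT_START_RE));
}

// Looks at history records [from, from + FOLLOW_WINDOW) and returns the id of the
// first one whose response sets a session-like cookie, or -1 if none does.
// Limitation: only the presence of such a Set-Cookie is checked, not that its
// value differs from the pre-login value, so a server that re-issues the same
// identifier after login is still reported as safe.
function findSessionCookieUpdate(extHist, from) {
    for (var j = from; j < from + FOLLOW_WINDOW; j++) {
        var hrFollow = extHist.getHistoryReference(j);
        if (hrFollow == null) {
            break; // end of history
        }
        var cookies = hrFollow.getHttpMessage().getResponseHeader().getHttpCookies();
        for (var c = 0; c < cookies.size(); c++) {
            var cookieName = String(cookies.get(c).getName());
            // Only a matching cookie counts; a later non-session cookie must not
            // reset the verdict, hence the early return.
            if (cookieName.match(SESSION_COOKIE_RE)) {
                println("The session cookie '" + cookieName + "' is modify in the following request (History record #" + j + ")");
                return j;
            }
        }
    }
    return -1;
}

// Walks the whole history table; for every potential login, reports whether a
// session cookie was (re)issued within the following FOLLOW_WINDOW records.
function scanHistory(extHist) {
    // NOTE(review): the walk stops at the first id with no history reference, so a
    // gap in ids (e.g. purged records) ends the scan early — confirm ids are contiguous.
    for (var i = 1; ; i++) {
        var hr = extHist.getHistoryReference(i);
        if (hr == null) {
            break;
        }
        var msg = hr.getHttpMessage();
        var url = msg.getRequestHeader().getURI().toString();
        var postData = msg.getRequestBody().toString();
        if (!looksLikeLogin(postData)) {
            continue;
        }
        println('History record id ' + hr.getHistoryId() + ' is potentially a login (URL=' + url + ')');
        if (findSessionCookieUpdate(extHist, i) < 0) {
            println("No session cookie were update following the login. Session fixation?");
        }
        println("==="); //Separate potential login found
    }
}

var extHist = Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME);
if (extHist == null) {
    // Nothing to scan without the history extension; end the script here rather
    // than relying on an `exit` binding the script engine may not provide.
    println("ExtensionHistory not found.");
} else {
    scanHistory(extHist);
}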