Note: This article was authored by me and originally published on Moonfare’s Official Blog as part of my work at Moonfare. It is republished here on my personal blog with permission.
This post explores the limitations of GitHub Advanced Security (GHAS) and how Witcher enhances security management by providing greater scalability, control, and efficiency across repositories.
An Introduction to GitHub Advanced Security (GHAS)
GitHub Advanced Security (GHAS) is a comprehensive security suite that enhances code security. It offers a range of features that integrate directly into the development workflow, protecting at the pull request (PR) level to identify and mitigate vulnerabilities early.
During a pentest, we came across a scenario where the application returned a token in each response that had to be sent in the next request, so that request replay is prevented. On top of that, we couldn't use macros to fetch the tokens due to limitations.
To overcome this challenge, we developed SRePlay, a Burp plugin to bypass replay protection. It extracts the token value from the last response and automatically updates the next request with the new token on the fly, resulting in a request replay protection bypass.
For this usage guide, I'll be using the AES Killer - Demo App, where I have simulated all possible scenarios with different variations in request and response to cover the maximum possible combinations that could occur. I have simulated the following test cases:
Complete Request & Response
Specific Request Parameters and complete response
Specific JSON Request parameters & complete response
Specific Request and Response Parameters
Override Request & Response
The application sends back the POST data in the response