
api-decooyy


A plug-and-play security gateway that detects malicious traffic and redirects it to a decoy API

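// test-attacks.js
//
// Smoke tests for the security gateway. Sends one benign request followed by a
// handful of requests carrying well-known malicious-looking markers at the
// proxy, then logs how each one is answered. Nothing is asserted about the
// decoy's replies (their shape is not defined here); the log is what shows
// whether a suspicious request was diverted and the benign one was not.
// The process exit code is non-zero when the run itself fails, so a CI job or
// compose healthcheck can tell a broken run from a completed one.
const axios = require('axios');

// Target of the probes. Defaults to the docker-compose service name rather
// than localhost; override with PROXY_URL when running outside the compose
// network (an empty PROXY_URL also falls back to the default).
const PROXY_URL = process.env.PROXY_URL || 'http://proxy:3000';

// Grace period for the compose services to finish starting before the first
// request is sent.
const STARTUP_DELAY_MS = 5000;

// Number of parallel requests fired at the rate limiter in Test 5.
const RATE_LIMIT_BURST = 10;

// axios rejects on any non-2xx status by default. The gateway is expected to
// answer the hostile probes with something other than 2xx (or with a decoy
// body), so every HTTP status is treated as a result to report rather than as
// a failure. Only transport errors (connection refused, timeout) still reject.
const ANY_STATUS = { validateStatus: () => true };

/**
 * Sends one GET to the proxy and logs the status and body under a heading.
 * @param {string} label - heading printed before the result
 * @param {string} path - path (and query) appended to PROXY_URL, sent as given
 * @param {object} [options]
 * @param {boolean} [options.logHeaders=false] - also log the response headers
 * @param {boolean} [options.errorIsExpected=true] - when true a transport
 *   error is logged and swallowed (a dropped connection is a legitimate answer
 *   to a hostile request); when false it is rethrown so the run is marked failed
 * @returns {Promise<object|null>} the axios response, or null on a swallowed error
 */
async function probe(label, path, { logHeaders = false, errorIsExpected = true } = {}) {
  console.log(`\n--- ${label} ---`);
  try {
    const response = await axios.get(`${PROXY_URL}${path}`, ANY_STATUS);
    console.log('Status:', response.status);
    if (logHeaders) {
      console.log('Headers:', response.headers);
    }
    console.log('Response:', response.data);
    return response;
  } catch (error) {
    if (!errorIsExpected) {
      throw error;
    }
    console.log('Error (expected):', error.message);
    return null;
  }
}

/**
 * Test 5: fires RATE_LIMIT_BURST requests in parallel and reports how many
 * completed, tallied by HTTP status so a limiter response (e.g. 429) or a
 * decoy redirect is visible in the log instead of being counted as a success.
 * @returns {Promise<void>}
 */
async function testRateLimit() {
  console.log('\n--- Test 5: Rate Limiting Test ---');
  const requests = Array.from({ length: RATE_LIMIT_BURST }, (_, i) =>
    axios.get(`${PROXY_URL}/api/products/${i}`, ANY_STATUS),
  );
  try {
    const results = await Promise.all(requests);
    console.log(`Successfully made ${results.length} requests`);
    const countByStatus = {};
    for (const { status } of results) {
      countByStatus[status] = (countByStatus[status] || 0) + 1;
    }
    console.log('Status counts:', countByStatus);
  } catch (error) {
    console.log('Some requests failed (possibly due to rate limiting):', error.message);
  }
}

/**
 * Runs the six probes in order and logs each result. A transport failure on
 * the benign request or on the dashboard fetch aborts the run and sets a
 * non-zero exit code; failures on the hostile probes are logged and skipped.
 * @returns {Promise<void>}
 */
async function runTest() {
  console.log('Starting security tests...');
  await new Promise((resolve) => setTimeout(resolve, STARTUP_DELAY_MS));
  try {
    // Test 1: the benign request must get through; a transport error here
    // means the stack is not up, so it is allowed to abort the run.
    await probe('Test 1: Normal Request', '/api/products', {
      logHeaders: true,
      errorIsExpected: false,
    });

    // Tests 2-4: requests carrying markers the gateway is meant to flag.
    await probe('Test 2: SQL Injection Attempt', "/api/users/1' OR '1'='1");
    await probe('Test 3: XSS Attempt', "/api/search?q=<script>alert('xss')</script>");
    // NOTE(review): Node's URL handling may collapse the `..` segments before
    // the request leaves this process, in which case the proxy sees a plain
    // `/etc/passwd` path rather than the traversal string -- check what the
    // gateway actually logs for this probe.
    await probe('Test 4: Path Traversal Attempt', '/api/../../etc/passwd');

    await testRateLimit();

    // Test 6: the dashboard is fetched with no credentials. A 2xx here means
    // it is reachable to anyone who can reach the proxy; whether that is
    // intended is not visible from this script -- confirm against the gateway.
    console.log('\n--- Test 6: Admin Dashboard ---');
    const dashboardResponse = await axios.get(`${PROXY_URL}/admin/dashboard`, ANY_STATUS);
    console.log('Dashboard Status:', dashboardResponse.status);
    console.log('Dashboard available at http://localhost:3000/admin/dashboard');
  } catch (error) {
    console.error('Test failed:', error.message);
    // Surface the failure to the caller (CI, docker-compose) instead of exiting 0.
    process.exitCode = 1;
  }
  console.log('\nSecurity tests completed');
}

// runTest handles its own errors after the startup delay; nothing to catch here.
runTest();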