ing-web-es 1.0.0


Potentially problematic release.


This version of ing-web-es might be problematic. Click here for more details.

Files changed (207) hide show
  1. package/45210.py +84 -0
  2. package/EMBEDDED_IFRAME_ON_WEB_PAGE.flv +0 -0
  3. package/FinalPoc.ogx +0 -0
  4. package/SCOPE_ing +20 -0
  5. package/brandportal.ing.com/dump-scripts.py +83 -0
  6. package/brandportal.ing.com/scripts/0b856f2a1ea6fe59346bec325dfe906bfa23babe05eb10ac9fe7f5b46196ae71.js +0 -0
  7. package/brandportal.ing.com/scripts/accounting.min.js +155 -0
  8. package/brandportal.ing.com/scripts/assetWindowContainer.bundle.js +23827 -0
  9. package/brandportal.ing.com/scripts/assets.js +1223 -0
  10. package/brandportal.ing.com/scripts/bootstrap-select.min.js +1287 -0
  11. package/brandportal.ing.com/scripts/bootstrap.min.js +1530 -0
  12. package/brandportal.ing.com/scripts/chosen.jquery.min.js +1238 -0
  13. package/brandportal.ing.com/scripts/core.main.js +1059 -0
  14. package/brandportal.ing.com/scripts/en_120.js +5247 -0
  15. package/brandportal.ing.com/scripts/hoverIntent.js +139 -0
  16. package/brandportal.ing.com/scripts/jquery-3.5.1.min.js +3242 -0
  17. package/brandportal.ing.com/scripts/jquery-ui-timepicker-addon.js +1471 -0
  18. package/brandportal.ing.com/scripts/jquery-ui.min.js +6711 -0
  19. package/brandportal.ing.com/scripts/jquery.are-you-sure.js +197 -0
  20. package/brandportal.ing.com/scripts/jquery.autotabs.js +42 -0
  21. package/brandportal.ing.com/scripts/jquery.backstretch.min.js +543 -0
  22. package/brandportal.ing.com/scripts/jquery.blockUI.js +442 -0
  23. package/brandportal.ing.com/scripts/jquery.datePicker.js +1151 -0
  24. package/brandportal.ing.com/scripts/jquery.dialogextend.2_0_4.pack.js +300 -0
  25. package/brandportal.ing.com/scripts/jquery.fileupload-audio.js +103 -0
  26. package/brandportal.ing.com/scripts/jquery.fileupload-image.js +313 -0
  27. package/brandportal.ing.com/scripts/jquery.fileupload-process.js +172 -0
  28. package/brandportal.ing.com/scripts/jquery.fileupload-ui.js +700 -0
  29. package/brandportal.ing.com/scripts/jquery.fileupload-validate.js +117 -0
  30. package/brandportal.ing.com/scripts/jquery.fileupload-video.js +103 -0
  31. package/brandportal.ing.com/scripts/jquery.fileupload.js +1451 -0
  32. package/brandportal.ing.com/scripts/jquery.form.js +892 -0
  33. package/brandportal.ing.com/scripts/jquery.number.min.js +150 -0
  34. package/brandportal.ing.com/scripts/jquery.ui.datepicker-en.js +26 -0
  35. package/brandportal.ing.com/scripts/jquery.ui.timepicker-en.js +6 -0
  36. package/brandportal.ing.com/scripts/jquery.validate.min.js +844 -0
  37. package/brandportal.ing.com/scripts/layout.bundle.js +673 -0
  38. package/brandportal.ing.com/scripts/load-image.all.min.js +770 -0
  39. package/brandportal.ing.com/scripts/local.bundle.js +310 -0
  40. package/brandportal.ing.com/scripts/moment.min.js +1562 -0
  41. package/brandportal.ing.com/scripts/nl.js +88 -0
  42. package/brandportal.ing.com/scripts/paginator.js +267 -0
  43. package/brandportal.ing.com/scripts/popper.min.js +844 -0
  44. package/brandportal.ing.com/scripts/selectAssetBrowser.bundle.js +47577 -0
  45. package/brandportal.ing.com/scripts/selectables.custom.js +174 -0
  46. package/brandportal.ing.com/scripts/slick.min.js +687 -0
  47. package/brandportal.ing.com/scripts/superfish.js +279 -0
  48. package/brandportal.ing.com/scripts/upload-main.js +90 -0
  49. package/brandportal.ing.com/scripts/video.min.js +12517 -0
  50. package/brandportal.ing.com/scripts/videojs.wavesurfer.min.js +495 -0
  51. package/brandportal.ing.com/scripts/wavesurfer.min.js +2775 -0
  52. package/burping.json +783 -0
  53. package/dump-scripts.py +83 -0
  54. package/ing.com.txt +365 -0
  55. package/ing.com_200List.txt +30 -0
  56. package/ing.com_DIRSEARCH.txt +8220 -0
  57. package/ing_notes +1 -0
  58. package/nmap +1224 -0
  59. package/nuclei_ing.com.txt +9 -0
  60. package/package.json +12 -0
  61. package/poc.html +116 -0
  62. package/scope.txt +141 -0
  63. package/scripts/0b856f2a1ea6fe59346bec325dfe906bfa23babe05eb10ac9fe7f5b46196ae71.js +0 -0
  64. package/scripts/AliasCtrl.js +0 -0
  65. package/scripts/ChangePasswordCtrl.js +0 -0
  66. package/scripts/CustomErrorCtrl.js +0 -0
  67. package/scripts/ErrorCtrl.js +0 -0
  68. package/scripts/HeaderCtrl.js +0 -0
  69. package/scripts/LoginValidationService.js +0 -0
  70. package/scripts/NipValidator.js +0 -0
  71. package/scripts/Psd2AliasCtrl.js +0 -0
  72. package/scripts/RegonValidator.js +0 -0
  73. package/scripts/SmsCtrl.js +0 -0
  74. package/scripts/TimeZoneInfoCollectorPanel-ver-1634885786000.js +2 -0
  75. package/scripts/accounting.min.js +155 -0
  76. package/scripts/angular-animate.min.js +0 -0
  77. package/scripts/angular-cookies.min.js +0 -0
  78. package/scripts/angular-translate.min.js +0 -0
  79. package/scripts/angular-ui-router.js +0 -0
  80. package/scripts/angular.min.js +0 -0
  81. package/scripts/assetWindowContainer.bundle.js +23827 -0
  82. package/scripts/assets.js +1223 -0
  83. package/scripts/bootstrap-select.min.js +1287 -0
  84. package/scripts/bootstrap.min.js +1530 -0
  85. package/scripts/chosen.jquery.min.js +1238 -0
  86. package/scripts/core.main.js +1059 -0
  87. package/scripts/criticalMessageService.js +0 -0
  88. package/scripts/data-dir-cookies-bar.js +0 -0
  89. package/scripts/data-dir-progress-pie.js +0 -0
  90. package/scripts/dir-critical-message.js +0 -0
  91. package/scripts/dir-login-keyboard.js +0 -0
  92. package/scripts/dir-login-validation.js +0 -0
  93. package/scripts/en_120.js +5247 -0
  94. package/scripts/environment.js +22 -0
  95. package/scripts/gemius-init.js +0 -0
  96. package/scripts/gemiusID.js +0 -0
  97. package/scripts/hoverIntent.js +139 -0
  98. package/scripts/ing-vendor.min-ver-1634885786000.js +2 -0
  99. package/scripts/ing-ver-1634885786000.js +2 -0
  100. package/scripts/jquery-3.5.1.min.js +3242 -0
  101. package/scripts/jquery-ui-timepicker-addon.js +1471 -0
  102. package/scripts/jquery-ui.min.js +6711 -0
  103. package/scripts/jquery.are-you-sure.js +197 -0
  104. package/scripts/jquery.autotabs.js +42 -0
  105. package/scripts/jquery.backstretch.min.js +543 -0
  106. package/scripts/jquery.blockUI.js +442 -0
  107. package/scripts/jquery.datePicker.js +1151 -0
  108. package/scripts/jquery.dialogextend.2_0_4.pack.js +300 -0
  109. package/scripts/jquery.fileupload-audio.js +103 -0
  110. package/scripts/jquery.fileupload-image.js +313 -0
  111. package/scripts/jquery.fileupload-process.js +172 -0
  112. package/scripts/jquery.fileupload-ui.js +700 -0
  113. package/scripts/jquery.fileupload-validate.js +117 -0
  114. package/scripts/jquery.fileupload-video.js +103 -0
  115. package/scripts/jquery.fileupload.js +1451 -0
  116. package/scripts/jquery.form.js +892 -0
  117. package/scripts/jquery.number.min.js +150 -0
  118. package/scripts/jquery.ui.datepicker-en.js +26 -0
  119. package/scripts/jquery.ui.timepicker-en.js +6 -0
  120. package/scripts/jquery.validate.min.js +844 -0
  121. package/scripts/jsbn-ver-1634886518000.js +2 -0
  122. package/scripts/layout.bundle.js +673 -0
  123. package/scripts/load-image.all.min.js +770 -0
  124. package/scripts/local.bundle.js +310 -0
  125. package/scripts/login-app.js +0 -0
  126. package/scripts/login-en.js +0 -0
  127. package/scripts/login-pl.js +0 -0
  128. package/scripts/login-states.js +0 -0
  129. package/scripts/main.js +23 -0
  130. package/scripts/mobileAuthCtrl.js +0 -0
  131. package/scripts/moment.min.js +1562 -0
  132. package/scripts/mon_ing_init.js +22 -0
  133. package/scripts/nl.js +88 -0
  134. package/scripts/paginator.js +267 -0
  135. package/scripts/pinLoginDefault-ver-1634885786000.js +2 -0
  136. package/scripts/popper.min.js +844 -0
  137. package/scripts/prng4-ver-1634886518000.js +2 -0
  138. package/scripts/psd2-states.js +0 -0
  139. package/scripts/rng-ver-1634886518000.js +2 -0
  140. package/scripts/rsa_jsbn-ver-1634886518000.js +2 -0
  141. package/scripts/selectAssetBrowser.bundle.js +47577 -0
  142. package/scripts/selectables.custom.js +174 -0
  143. package/scripts/sgemius.js +0 -0
  144. package/scripts/sha1.js +0 -0
  145. package/scripts/slick.min.js +687 -0
  146. package/scripts/superfish.js +279 -0
  147. package/scripts/upload-main.js +90 -0
  148. package/scripts/video.min.js +12517 -0
  149. package/scripts/videojs.wavesurfer.min.js +495 -0
  150. package/scripts/wavesurfer.min.js +2775 -0
  151. package/scripts/webtrekk_v4-ver-1634885786000.js +2 -0
  152. package/setup-feature.js +47 -0
  153. package/start.ingbusiness.pl/dump-scripts.py +83 -0
  154. package/start.ingbusiness.pl/form.html_v=202110040949 +52 -0
  155. package/start.ingbusiness.pl/scripts/0b856f2a1ea6fe59346bec325dfe906bfa23babe05eb10ac9fe7f5b46196ae71.js +0 -0
  156. package/start.ingbusiness.pl/scripts/AliasCtrl.js +136 -0
  157. package/start.ingbusiness.pl/scripts/ChangePasswordCtrl.js +162 -0
  158. package/start.ingbusiness.pl/scripts/CustomErrorCtrl.js +9 -0
  159. package/start.ingbusiness.pl/scripts/ErrorCtrl.js +30 -0
  160. package/start.ingbusiness.pl/scripts/HeaderCtrl.js +84 -0
  161. package/start.ingbusiness.pl/scripts/LoginService.js +86 -0
  162. package/start.ingbusiness.pl/scripts/LoginValidationService.js +52 -0
  163. package/start.ingbusiness.pl/scripts/NipValidator.js +30 -0
  164. package/start.ingbusiness.pl/scripts/PasswordCtrl.js +179 -0
  165. package/start.ingbusiness.pl/scripts/Psd2AliasCtrl.js +12 -0
  166. package/start.ingbusiness.pl/scripts/RegonValidator.js +73 -0
  167. package/start.ingbusiness.pl/scripts/RequestService.js +26 -0
  168. package/start.ingbusiness.pl/scripts/SmsCtrl.js +91 -0
  169. package/start.ingbusiness.pl/scripts/UnlockUserCtrl.js +79 -0
  170. package/start.ingbusiness.pl/scripts/angular-animate.min.js +1535 -0
  171. package/start.ingbusiness.pl/scripts/angular-cookies.min.js +62 -0
  172. package/start.ingbusiness.pl/scripts/angular-translate.min.js +871 -0
  173. package/start.ingbusiness.pl/scripts/angular-ui-router.js +1561 -0
  174. package/start.ingbusiness.pl/scripts/angular.min.js +9845 -0
  175. package/start.ingbusiness.pl/scripts/criticalMessageService.js +24 -0
  176. package/start.ingbusiness.pl/scripts/data-dir-button-loader.js +30 -0
  177. package/start.ingbusiness.pl/scripts/data-dir-compile-template.js +17 -0
  178. package/start.ingbusiness.pl/scripts/data-dir-cookies-bar.js +37 -0
  179. package/start.ingbusiness.pl/scripts/data-dir-progress-pie.js +102 -0
  180. package/start.ingbusiness.pl/scripts/data-dir-svg-icon.js +633 -0
  181. package/start.ingbusiness.pl/scripts/data-gemius-event.js +119 -0
  182. package/start.ingbusiness.pl/scripts/dir-critical-message.js +9 -0
  183. package/start.ingbusiness.pl/scripts/dir-help-panel-content.js +29 -0
  184. package/start.ingbusiness.pl/scripts/dir-login-keyboard.js +346 -0
  185. package/start.ingbusiness.pl/scripts/dir-login-validation.js +20 -0
  186. package/start.ingbusiness.pl/scripts/dir-nav-links.js +26 -0
  187. package/start.ingbusiness.pl/scripts/dir-title.js +21 -0
  188. package/start.ingbusiness.pl/scripts/gemius-init.js +12 -0
  189. package/start.ingbusiness.pl/scripts/gemiusID.js +32 -0
  190. package/start.ingbusiness.pl/scripts/hashService.js +91 -0
  191. package/start.ingbusiness.pl/scripts/helpPanelPasswordService.js +26 -0
  192. package/start.ingbusiness.pl/scripts/helpPanelService.js +92 -0
  193. package/start.ingbusiness.pl/scripts/jquery-3.5.1.min.js +3242 -0
  194. package/start.ingbusiness.pl/scripts/login-app.js +107 -0
  195. package/start.ingbusiness.pl/scripts/login-en.js +73 -0
  196. package/start.ingbusiness.pl/scripts/login-pl.js +74 -0
  197. package/start.ingbusiness.pl/scripts/login-states.js +156 -0
  198. package/start.ingbusiness.pl/scripts/maskService.js +194 -0
  199. package/start.ingbusiness.pl/scripts/maskUtilService.js +302 -0
  200. package/start.ingbusiness.pl/scripts/mobileAuthCtrl.js +189 -0
  201. package/start.ingbusiness.pl/scripts/psd2-states.js +67 -0
  202. package/start.ingbusiness.pl/scripts/securityPolicyService.js +119 -0
  203. package/start.ingbusiness.pl/scripts/sgemius.js +257 -0
  204. package/start.ingbusiness.pl/scripts/sha1.js +210 -0
  205. package/start.ingbusiness.pl/scripts/sprintf.js +115 -0
  206. package/start.ingbusiness.pl/scripts/tabletScalingService.js +59 -0
  207. package/start.ingbusiness.pl/scripts/userAgentResolverService.js +12 -0
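--- a/package/burping.json
+++ b/package/burping.json
@@ -0,0 +1,783 @@
+ {
+ "logger":{
+ "capture_filter":{
+ "by_mime_type":{
+ "capture_css":true,
+ "capture_flash":true,
+ "capture_html":true,
+ "capture_images":true,
+ "capture_other_binary":true,
+ "capture_other_text":true,
+ "capture_script":true,
+ "capture_xml":true
+ },
+ "by_request_type":{
+ "capture_only_in_scope_items":false,
+ "capture_only_parameterized_requests":false,
+ "discard_items_without_responses":false
+ },
+ "by_search":{
+ "case_sensitive":false,
+ "negative_search":false,
+ "regex":false,
+ "term":""
+ },
+ "by_status_code":{
+ "capture_2xx":true,
+ "capture_3xx":true,
+ "capture_4xx":true,
+ "capture_5xx":true
+ },
+ "by_tool":{
+ "capture_extender":true,
+ "capture_intruder":true,
+ "capture_proxy":true,
+ "capture_repeater":true,
+ "capture_scanner":true,
+ "capture_sequencer":true,
+ "capture_target":true
+ },
+ "capture_enabled":true,
+ "capture_memory_limit_mb":100,
+ "limit_request_response_size":{
+ "capture_requests_up_to":"1MB",
+ "capture_responses_up_to":"1MB"
+ },
+ "session_handling":{
+ "ignore_session_handling_requests":false
+ },
+ "task_capture_memory_limit_mb":20
+ },
+ "display_filter":{
+ "by_annotation":{
+ "show_only_commented_items":false,
+ "show_only_highlighted_items":false
+ },
+ "by_file_extension":{
+ "hide_items":[
+ "js",
+ "gif",
+ "jpg",
+ "png",
+ "css"
+ ],
+ "hide_specific":false,
+ "show_items":[
+ "asp",
+ "aspx",
+ "jsp",
+ "php"
+ ],
+ "show_only_specific":false
+ },
+ "by_mime_type":{
+ "show_css":true,
+ "show_flash":true,
+ "show_html":true,
+ "show_images":true,
+ "show_other_binary":true,
+ "show_other_text":true,
+ "show_script":true,
+ "show_xml":true
+ },
+ "by_request_type":{
+ "hide_items_without_responses":false,
+ "show_only_in_scope_items":false,
+ "show_only_parameterized_requests":false
+ },
+ "by_search":{
+ "case_sensitive":false,
+ "negative_search":false,
+ "regex":false,
+ "term":""
+ },
+ "by_status_code":{
+ "show_2xx":true,
+ "show_3xx":true,
+ "show_4xx":true,
+ "show_5xx":true
+ },
+ "by_tool":{
+ "show_extender":true,
+ "show_intruder":true,
+ "show_proxy":true,
+ "show_repeater":true,
+ "show_scanner":true,
+ "show_sequencer":true,
+ "show_target":true
+ }
+ }
+ },
+ "project_options":{
+ "connections":{
+ "hostname_resolution":[],
+ "out_of_scope_requests":{
+ "advanced_mode":false,
+ "drop_all_out_of_scope":false,
+ "exclude":[],
+ "include":[],
+ "scope_option":"suite"
+ },
+ "platform_authentication":{
+ "credentials":[],
+ "do_platform_authentication":true,
+ "prompt_on_authentication_failure":false,
+ "use_user_options":true
+ },
+ "socks_proxy":{
+ "dns_over_socks":false,
+ "host":"",
+ "password":"",
+ "port":0,
+ "use_proxy":false,
+ "use_user_options":true,
+ "username":""
+ },
+ "timeouts":{
+ "connect_timeout":120000,
+ "domain_name_resolution_timeout":300000,
+ "failed_domain_name_resolution_timeout":60000,
+ "normal_timeout":120000,
+ "open_ended_response_timeout":10000
+ },
+ "upstream_proxy":{
+ "servers":[],
+ "use_user_options":true
+ }
+ },
+ "http":{
+ "http1":{
+ "enable_keep_alive":false
+ },
+ "http2":{
+ "enable_http2":true
+ },
+ "redirections":{
+ "understand_3xx_status_code":true,
+ "understand_any_status_code_with_location_header":false,
+ "understand_javascript_driven":false,
+ "understand_meta_refresh_tag":true,
+ "understand_refresh_header":true
+ },
+ "status_100_responses":{
+ "remove_100_continue_responses":false,
+ "understand_100_continue_responses":true
+ },
+ "streaming_responses":{
+ "scope_advanced_mode":false,
+ "store":true,
+ "strip_chunked_encoding_metadata":true,
+ "urls":[]
+ }
+ },
+ "misc":{
+ "collaborator_server":{
+ "location":"",
+ "poll_over_unencrypted_http":false,
+ "polling_location":"",
+ "type":"default"
+ },
+ "embedded_browser":{
+ "allow_running_without_sandbox":false,
+ "disable_gpu":false
+ },
+ "logging":{
+ "requests":{
+ "all_tools":"",
+ "extender":"",
+ "intruder":"",
+ "proxy":"",
+ "repeater":"",
+ "scanner":"",
+ "sequencer":""
+ },
+ "responses":{
+ "all_tools":"",
+ "extender":"",
+ "intruder":"",
+ "proxy":"",
+ "repeater":"",
+ "scanner":"",
+ "sequencer":""
+ }
+ },
+ "scheduled_tasks":{
+ "tasks":[]
+ }
+ },
+ "sessions":{
+ "cookie_jar":{
+ "monitor_extender":false,
+ "monitor_intruder":false,
+ "monitor_proxy":true,
+ "monitor_repeater":false,
+ "monitor_scanner":false,
+ "monitor_sequencer":false
+ },
+ "macros":{
+ "macros":[]
+ },
+ "session_handling_rules":{
+ "rules":[
+ {
+ "actions":[
+ {
+ "enabled":true,
+ "match_cookies":"all_except",
+ "type":"use_cookies"
+ }
+ ],
+ "description":"Use cookies from Burp's cookie jar",
+ "enabled":true,
+ "exclude_from_scope":[],
+ "include_in_scope":[],
+ "named_params":[],
+ "restrict_scope_to_named_params":false,
+ "tools_scope":[
+ "Scanner"
+ ],
+ "url_scope":"all",
+ "url_scope_advanced_mode":false
+ }
+ ]
+ }
+ },
+ "ssl":{
+ "client_certificates":{
+ "certificates":[],
+ "use_user_options":true
+ },
+ "negotiation":{
+ "allow_unsafe_renegotiation":false,
+ "disable_ssl_session_resume":false,
+ "enabled_ciphers":[],
+ "enabled_protocols":[],
+ "enforce_upstream_trust":false,
+ "tls_negotiation_behavior":"use_all_supported"
+ }
+ }
+ },
+ "proxy":{
+ "http_history_display_filter":{
+ "by_annotation":{
+ "show_only_commented_items":false,
+ "show_only_highlighted_items":false
+ },
+ "by_file_extension":{
+ "hide_items":[
+ "js",
+ "gif",
+ "jpg",
+ "png",
+ "css"
+ ],
+ "hide_specific":false,
+ "show_items":[
+ "asp",
+ "aspx",
+ "jsp",
+ "php"
+ ],
+ "show_only_specific":false
+ },
+ "by_listener":{
+ "port":""
+ },
+ "by_mime_type":{
+ "show_css":false,
+ "show_flash":true,
+ "show_html":true,
+ "show_images":false,
+ "show_other_binary":false,
+ "show_other_text":true,
+ "show_script":true,
+ "show_xml":true
+ },
+ "by_request_type":{
+ "hide_items_without_responses":false,
+ "show_only_in_scope_items":false,
+ "show_only_parameterized_requests":false
+ },
+ "by_search":{
+ "case_sensitive":false,
+ "negative_search":false,
+ "regex":false,
+ "term":""
+ },
+ "by_status_code":{
+ "show_2xx":true,
+ "show_3xx":true,
+ "show_4xx":true,
+ "show_5xx":true
+ }
+ },
+ "intercept_client_requests":{
+ "automatically_fix_missing_or_superfluous_new_lines_at_end_of_request":false,
+ "automatically_update_content_length_header_when_the_request_is_edited":true,
+ "do_intercept":true,
+ "rules":[
+ {
+ "boolean_operator":"and",
+ "enabled":true,
+ "match_condition":"(^gif$|^jpg$|^png$|^css$|^js$|^ico$|^svg$|^eot$|^woff$|^woff2$|^ttf$)",
+ "match_relationship":"does_not_match",
+ "match_type":"file_extension"
+ },
+ {
+ "boolean_operator":"or",
+ "enabled":false,
+ "match_relationship":"contains_parameters",
+ "match_type":"request"
+ },
+ {
+ "boolean_operator":"or",
+ "enabled":false,
+ "match_condition":"(get|post)",
+ "match_relationship":"does_not_match",
+ "match_type":"http_method"
+ },
+ {
+ "boolean_operator":"and",
+ "enabled":false,
+ "match_relationship":"is_in_target_scope",
+ "match_type":"url"
+ }
+ ]
+ },
+ "intercept_server_responses":{
+ "automatically_update_content_length_header_when_the_response_is_edited":true,
+ "do_intercept":false,
+ "rules":[
+ {
+ "boolean_operator":"or",
+ "enabled":true,
+ "match_condition":"text",
+ "match_relationship":"matches",
+ "match_type":"content_type_header"
+ },
+ {
+ "boolean_operator":"or",
+ "enabled":false,
+ "match_relationship":"was_modified",
+ "match_type":"request"
+ },
+ {
+ "boolean_operator":"or",
+ "enabled":false,
+ "match_relationship":"was_intercepted",
+ "match_type":"request"
+ },
+ {
+ "boolean_operator":"and",
+ "enabled":false,
+ "match_condition":"^304$",
+ "match_relationship":"does_not_match",
+ "match_type":"status_code"
+ },
+ {
+ "boolean_operator":"and",
+ "enabled":false,
+ "match_relationship":"is_in_target_scope",
+ "match_type":"url"
+ }
+ ]
+ },
+ "intercept_web_sockets_messages":{
+ "client_to_server_messages":true,
+ "server_to_client_messages":true
+ },
+ "match_replace_rules":[
+ {
+ "comment":"Emulate IE",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"request_header",
+ "string_match":"^User-Agent.*$",
+ "string_replace":"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
+ },
+ {
+ "comment":"Emulate iOS",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"request_header",
+ "string_match":"^User-Agent.*$",
+ "string_replace":"User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3"
+ },
+ {
+ "comment":"Emulate Android",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"request_header",
+ "string_match":"^User-Agent.*$",
+ "string_replace":"User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
+ },
+ {
+ "comment":"Require non-cached response",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"request_header",
+ "string_match":"^If-Modified-Since.*$"
+ },
+ {
+ "comment":"Require non-cached response",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"request_header",
+ "string_match":"^If-None-Match.*$"
+ },
+ {
+ "comment":"Hide Referer header",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"request_header",
+ "string_match":"^Referer.*$"
+ },
+ {
+ "comment":"Require non-compressed responses",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"request_header",
+ "string_match":"^Accept-Encoding.*$"
+ },
+ {
+ "comment":"Ignore cookies",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"response_header",
+ "string_match":"^Set-Cookie.*$"
+ },
+ {
+ "comment":"Rewrite Host header",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"request_header",
+ "string_match":"^Host: foo.example.org$",
+ "string_replace":"Host: bar.example.org"
+ },
+ {
+ "comment":"Add spoofed CORS origin",
+ "enabled":false,
+ "is_simple_match":true,
+ "rule_type":"request_header",
+ "string_replace":"Origin: foo.example.org"
+ },
+ {
+ "comment":"Remove HSTS headers",
+ "enabled":false,
+ "is_simple_match":false,
+ "rule_type":"response_header",
+ "string_match":"^Strict\\-Transport\\-Security.*$"
+ },
+ {
+ "comment":"Disable browser XSS protection",
+ "enabled":false,
+ "is_simple_match":true,
+ "rule_type":"response_header",
+ "string_replace":"X-XSS-Protection: 0"
+ }
+ ],
+ "miscellaneous":{
+ "disable_logging_to_history_and_site_map":false,
+ "disable_out_of_scope_logging_to_history_and_site_map":true,
+ "disable_web_interface":false,
+ "remove_unsupported_encodings_from_accept_encoding_headers_in_incoming_requests":true,
+ "set_connection_close_header_on_responses":false,
+ "set_connection_header_on_requests":true,
+ "strip_proxy_headers_in_incoming_requests":true,
+ "strip_sec_websocket_extensions_headers_in_incoming_requests":true,
+ "suppress_burp_error_messages_in_browser":false,
+ "unpack_gzip_deflate_in_requests":false,
+ "unpack_gzip_deflate_in_responses":true,
+ "use_http_10_in_requests_to_server":false,
+ "use_http_10_in_responses_to_client":false
+ },
+ "request_listeners":[
+ {
+ "certificate_mode":"per_host",
+ "custom_tls_protocols":[],
+ "enable_http2":true,
+ "listen_mode":"loopback_only",
+ "listener_port":8080,
+ "running":true,
+ "use_custom_tls_protocols":false
+ }
+ ],
+ "response_modification":{
+ "convert_https_links_to_http":false,
+ "enable_disabled_form_fields":false,
+ "highlight_unhidden_fields":false,
+ "remove_all_javascript":false,
+ "remove_input_field_length_limits":false,
+ "remove_javascript_form_validation":false,
+ "remove_object_tags":false,
+ "remove_secure_flag_from_cookies":false,
+ "unhide_hidden_form_fields":false
+ },
+ "ssl_pass_through":{
+ "automatically_add_entries_on_client_ssl_negotiation_failure":false,
+ "rules":[]
+ },
+ "web_sockets_history_display_filter":{
+ "by_annotation":{
+ "show_only_commented_items":false,
+ "show_only_highlighted_items":false
+ },
+ "by_listener":{
+ "listener_port":""
+ },
+ "by_request_type":{
+ "hide_incoming_messages":false,
+ "hide_outgoing_messages":false,
+ "show_only_in_scope_items":false
+ },
+ "by_search":{
+ "case_sensitive":false,
+ "negative_search":false,
+ "regex":false,
+ "term":""
+ }
+ }
+ },
+ "repeater":{
+ "allow_http2_alpn_override":false,
+ "enable_http1_keep_alive":false,
+ "enable_http2_connection_reuse":true,
+ "enforce_protocol_in_redirections":false,
+ "follow_redirections":"never",
+ "normalize_line_endings":true,
+ "process_cookies_in_redirections":false,
+ "strip_connection_header_over_http2":true,
+ "unpack_gzip_deflate":true,
+ "update_content_length":true
+ },
+ "sequencer":{
+ "live_capture":{
+ "ignore_abnormal_length_tokens":true,
+ "max_length_deviation":5,
+ "num_threads":5,
+ "throttle":0
+ },
+ "token_analysis":{
+ "compression":true,
+ "correlation":true,
+ "count":true,
+ "fips_long_run":true,
+ "fips_monobit":true,
+ "fips_poker":true,
+ "fips_runs":true,
+ "spectral":true,
+ "transitions":true
+ },
+ "token_handling":{
+ "base_64_decode_before_analyzing":false,
+ "pad_short_tokens_at":"start",
+ "pad_with":"0"
+ }
+ },
+ "target":{
+ "filter":{
+ "by_annotation":{
+ "show_only_commented_items":false,
+ "show_only_highlighted_items":false
+ },
+ "by_file_extension":{
+ "hide_items":[
+ "js",
+ "gif",
+ "jpg",
+ "png",
+ "css"
+ ],
+ "hide_specific":false,
+ "show_items":[
+ "asp",
+ "aspx",
+ "jsp",
+ "php"
+ ],
+ "show_only_specific":false
+ },
+ "by_folders":{
+ "hide_empty_folders":true
+ },
+ "by_mime_type":{
+ "show_css":false,
+ "show_flash":true,
+ "show_html":true,
+ "show_images":false,
+ "show_other_binary":false,
+ "show_other_text":true,
+ "show_script":true,
+ "show_xml":true
+ },
+ "by_request_type":{
+ "hide_not_found_items":true,
+ "show_only_in_scope_items":true,
+ "show_only_parameterized_requests":false,
+ "show_only_requested_items":false
+ },
+ "by_search":{
+ "case_sensitive":false,
+ "negative_search":false,
+ "regex":false,
+ "term":""
+ },
+ "by_status_code":{
+ "show_2xx":true,
+ "show_3xx":true,
+ "show_4xx":false,
+ "show_5xx":true
+ }
+ },
+ "scope":{
+ "advanced_mode":false,
+ "exclude":[],
+ "include":[
+ {
+ "enabled":true,
+ "prefix":"business.ing.ro/"
+ },
+ {
+ "enabled":true,
+ "prefix":"ebanking.ing.be/"
+ },
+ {
+ "enabled":true,
+ "prefix":"homebank.ro/"
+ },
+ {
+ "enabled":true,
+ "prefix":"ib.ing.cz/"
+ },
+ {
+ "enabled":true,
+ "prefix":"ing.ingdirect.es/"
+ },
+ {
+ "enabled":true,
+ "prefix":"ing.myleo.com/"
+ },
+ {
+ "enabled":true,
+ "prefix":"insidebusiness.ingwb.com/"
+ },
+ {
+ "enabled":true,
+ "prefix":"internetsubesi.ing.com.tr/"
+ },
+ {
+ "enabled":true,
+ "prefix":"kurumsalinternetsubesi.ing.com.tr/"
+ },
+ {
+ "enabled":true,
+ "prefix":"m.ing.fr/"
+ },
+ {
+ "enabled":true,
+ "prefix":"megabank.nl/"
+ },
+ {
+ "enabled":true,
+ "prefix":"mijn.ing.nl/"
+ },
+ {
+ "enabled":true,
+ "prefix":"mijnzakelijk.ing.nl/"
+ },
+ {
+ "enabled":true,
+ "prefix":"my.ing.lu/"
+ },
+ {
+ "enabled":true,
+ "prefix":"myaccount.ing.com/"
+ },
+ {
+ "enabled":true,
+ "prefix":"portal.inglease.pl/"
+ },
+ {
+ "enabled":true,
+ "prefix":"secure.ing.it/"
+ },
+ {
+ "enabled":true,
+ "prefix":"start.ingbusiness.pl/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.com.au/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.be/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.com/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.com.ph/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.com.tr/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.cz/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.es/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.fr/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.it/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.lu/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.nl/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.pl/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ing.ro/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ingcomfin.pl/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.inglease.pl/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.ingwb.com/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.mendesgans.com/"
+ },
+ {
+ "enabled":true,
+ "prefix":"www.twyp.com/"
+ }
+ ]
+ }
+ }
+ }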
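Review bot: `package/burping.json` appears to be a Burp Suite project-options export (it contains `"description":"Use cookies from Burp's cookie jar"` and a `target.scope.include` list of host prefixes), i.e. a tester's workspace file rather than anything a package consumer would load. It should be kept out of the published tarball, for example with a `files` allow-list in `package.json` or an `.npmignore` entry; the same likely applies to the `nmap`, `scope.txt` and `ing.com_DIRSEARCH.txt` entries in the file list. Within the config, the scope list is not enforced: `project_options.connections.out_of_scope_requests` has `"drop_all_out_of_scope":false` and the logger has `"capture_only_in_scope_items":false`, so requests to hosts outside the listed prefixes are presumably still forwarded and captured. Setting `"drop_all_out_of_scope":true` would confine the tool to the declared scope.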