epsylon / xsser

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
https://xsser.03c8.net

minor bug: stack trace if not using hub mode #23

Closed aerickson closed 6 years ago

aerickson commented 7 years ago
REDACTED-B-MBP:~/Downloads/xsser_1.7-1/xsser-public > ./xsser --no-head -u 'http://REDACTED.compute.amazonaws.com' --threads 1 --delay 10
===========================================================================

XSSer v1.7b: "ZiKA-47 Swarm!" - 2011/2016 - (GPLv3.0) -> by psy

===========================================================================
Testing [XSS from URL]...
===========================================================================
===========================================================================
Target: http://REDACTED.compute.amazonaws.com --> 2017-04-05 12:27:38.780426
===========================================================================

---------------------------------------------
[-] Hashing: 699dba50ce559bd23772497f9f49ca04
[+] Trying: http://REDACTED.compute.amazonaws.com/">699dba50ce559bd23772497f9f49ca04
[+] Browser Support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]
[-] Injection Results:

Not injected!. Server responses with http-code different to: 200 OK (406)
===========================================================================

Mosquito(es) landed!

===========================================================================
[*] Final Results:
===========================================================================

- Injections: 1
- Failed: 1
- Sucessfull: 0
- Accur: 0 %

===========================================================================

[I] Could not find any vulnerability!. Try another combination or hack it -manually- :)

===========================================================================

Traceback (most recent call last):
  File "./xsser", line 38, in <module>
    app.land(True)
  File "/Users/REDACTED/Downloads/xsser_1.7-1/xsser-public/core/main.py", line 1966, in land
    self.hub.shutdown()
  File "/Users/REDACTED/Downloads/xsser_1.7-1/xsser-public/core/tokenhub.py", line 66, in shutdown
    self.socket.shutdown(socket.SHUT_RDWR)
  File "/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 57] Socket is not connected
REDACTED-B-MBP:~/Downloads/xsser_1.7-1/xsser-public >

epsylon commented 7 years ago

I cannot reproduce your bug. Can you try it by using --verbose (or switching on main.py -> DEBUG=0 to DEBUG=1)?

aerickson commented 7 years ago

Strange, perhaps because I'm on OS X?

Darwin REDACTED-B-MBP.local 15.6.0 Darwin Kernel Version 15.6.0: Mon Jan 9 23:07:29 PST 2017; root:xnu-3248.60.11.2.1~1/RELEASE_X86_64 x86_64

Thanks.

--

With --verbose:

REDACTED-B-MBP:~/Downloads/xsser_1.7-1/xsser-public > ./xsser --no-head -u 'http://REDACTED.compute.amazonaws.com' --threads 1 --delay 10 --verbose
===========================================================================

XSSer v1.7b: "ZiKA-47 Swarm!" - 2011/2016 - (GPLv3.0) -> by psy

===========================================================================
Testing [XSS from URL]...
===========================================================================

[-]Verbose: active
[-]Cookie: None
[-]HTTP User Agent: Googlebot/2.1 (+http://www.google.com/bot.html)
[-]HTTP Referer: None
[-]Extra HTTP Headers: None
[-]X-Forwarded-For: None
[-]X-Client-IP: None
[-]Authentication Type: None
[-]Authentication Credentials: None
[-]Proxy: None
[-]Timeout: 30
[-]Delaying: 10 seconds
[-]Delaying: 10 seconds
[-]Retries: 1 

===========================================================================
Target: http://REDACTED.compute.amazonaws.com --> 2017-04-14 11:30:37.042749
===========================================================================

---------------------------------------------
[-] Hashing: c9ef4aeda3600a6519a60b67925a9993
[+] Trying: http://REDACTED.compute.amazonaws.com/">c9ef4aeda3600a6519a60b67925a9993
[+] Browser Support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]
[-] Headers Results:

Date: Fri, 14 Apr 2017 18:30:47 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Accept, Content-Type, Origin, X-Requested-With, X-Auth-Token, X-Client-Token
X-Application-Context: application:live
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
http-code: 406
total-time: 0.175092
namelookup-time: 0.004958
connect-time: 0.065701
header-size: 536
request-size: 319
response-code: 406
ssl-verifyresult: 0
content-type: 
cookielist: []

---------------------------------------------
[-] Injection Results:

Not injected!. Server responses with http-code different to: 200 OK (406)
===========================================================================

Mosquito(es) landed!

===========================================================================
[*] Final Results:
===========================================================================

- Injections: 1
- Failed: 1
- Sucessfull: 0
- Accur: 0 %

===========================================================================

[I] Could not find any vulnerability!. Try another combination or hack it -manually- :)

===========================================================================

Traceback (most recent call last):
  File "./xsser", line 38, in <module>
    app.land(True)
  File "/Users/REDACTED/Downloads/xsser_1.7-1/xsser-public/core/main.py", line 1966, in land
    self.hub.shutdown()
  File "/Users/REDACTED/Downloads/xsser_1.7-1/xsser-public/core/tokenhub.py", line 66, in shutdown
    self.socket.shutdown(socket.SHUT_RDWR)
  File "/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 57] Socket is not connected
REDACTED-B-MBP:~/Downloads/xsser_1.7-1/xsser-public > 

With DEBUG=1:

REDACTED-B-MBP:~/Downloads/xsser_1.7-1/xsser-public > ./xsser --no-head -u 'http://REDACTED.compute.amazonaws.com' --threads 1 --delay 10          
===========================================================================

XSSer v1.7b: "ZiKA-47 Swarm!" - 2011/2016 - (GPLv3.0) -> by psy

===========================================================================
Testing [XSS from URL]...
===========================================================================
===========================================================================
Target: http://REDACTED.compute.amazonaws.com --> 2017-04-14 11:31:42.844027
===========================================================================

---------------------------------------------
[-] Hashing: f5a6eac3004023fffb3357cb444937d6
[+] Trying: http://REDACTED.compute.amazonaws.com/">f5a6eac3004023fffb3357cb444937d6
[+] Browser Support: [IE7.0|IE6.0|NS8.1-IE] [NS8.1-G|FF2.0] [O9.02]
[-] Injection Results:

Not injected!. Server responses with http-code different to: 200 OK (406)
===========================================================================

Mosquito(es) landed!

===========================================================================
[*] Final Results:
===========================================================================

- Injections: 1
- Failed: 1
- Sucessfull: 0
- Accur: 0 %

===========================================================================

[I] Could not find any vulnerability!. Try another combination or hack it -manually- :)

===========================================================================

Traceback (most recent call last):
  File "./xsser", line 38, in <module>
    app.land(True)
  File "/Users/REDACTED/Downloads/xsser_1.7-1/xsser-public/core/main.py", line 1966, in land
    self.hub.shutdown()
  File "/Users/REDACTED/Downloads/xsser_1.7-1/xsser-public/core/tokenhub.py", line 66, in shutdown
    self.socket.shutdown(socket.SHUT_RDWR)
  File "/usr/local/Cellar/python/2.7.13/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 57] Socket is not connected
REDACTED-B-MBP:~/Downloads/xsser_1.7-1/xsser-public >

epsylon commented 7 years ago

I think it is related to local machine ports. This sometimes happens on OS X when using websockets.

Look, the hub is binding a socket on localhost:19084

You can try to see when XSSer is launched if you have this port correctly listening (netstat -atunp | grep LISTEN).

If it is not listening, you can try changing it at "core/tokenhub.py#line 75" to another port such as 9999 or 8080 and try again.
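
An added example, not XSSer's own code, written for Python 3: it performs the listening check suggested above and shows a shutdown that tolerates the "Socket is not connected" (ENOTCONN) error from the traceback. The function names and the stand-in listener are assumptions; only port 19084 comes from the thread.

```python
import errno
import socket

HUB_PORT = 19084  # port named in the thread; the hub code itself is not shown there


def port_is_listening(port, host="127.0.0.1", timeout=1.0):
    """Return True if something accepts TCP connections on host:port."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.settimeout(timeout)
    try:
        return probe.connect_ex((host, port)) == 0
    finally:
        probe.close()


def safe_shutdown(sock):
    """Shut down and close sock, tolerating a socket that never connected.

    Returns "shutdown" on success, "not-connected" when the OS reports
    ENOTCONN (Errno 57 on macOS, 107 on Linux). Other errors propagate.
    """
    try:
        sock.shutdown(socket.SHUT_RDWR)
        outcome = "shutdown"
    except OSError as exc:  # socket.error is an alias of OSError on Python 3
        if exc.errno != errno.ENOTCONN:
            raise
        outcome = "not-connected"
    finally:
        sock.close()  # always release the descriptor, even on ENOTCONN
    return outcome


def demo():
    # Constructed stand-in for the hub: a listener on an ephemeral local port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    up = port_is_listening(port)
    listener.close()
    down = port_is_listening(port)
    # A socket that never connected reproduces the traceback's condition.
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    return up, down, safe_shutdown(idle)


if __name__ == "__main__":
    print(demo(), port_is_listening(HUB_PORT))
```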

xiaofengtongxue commented 7 years ago

I also encountered the same problem.

epsylon commented 7 years ago

@xiaofengtongxue can you provide me with more details about it? Which OS are you using?