Closed (geople closed this issue 4 years ago)
Hi @geople
Yes, you are right! ;-)
I have found some bytes-object errors that aren't allowing tokens to arrive properly, even when the socket on port 19084 is listening correctly. Let me fix it.
Meanwhile, you can test whether your socket on that port is launched correctly.
For example, when running in GTK/GUI mode, it stays open from start to end (and not just a snapshot to validate a payload, as in shell mode). So you can try this:
1) python3 xsser --gtk
2) sudo netstat -atunp | grep LISTEN | grep 19084
tcp 0 0 127.0.0.1:19084 0.0.0.0:* LISTEN 4565/python3.5
And without GTK, trying to catch that snapshot in time, this other way:
1) python3 xsser -u "http://testphp.vulnweb.com/search.php?test=query" -p "searchFor=XSS&goButton=go" --reverse-check
2) (as root) watch "netstat -atunp | grep LISTEN | grep 19084"
This feature should allow several XSSer instances running on the same network to see/share results from the others in real time, just by visiting local IP ranges (ex: 192.168.1.23:19084/success/ed4021d42ca87fd47089dab4f437fb55) while a pentest is being performed, etc.
I will commit a patch for this, soon.
Many thanks for your report.
Cheers
Hi again, @geople ...
I have advanced this option considerably, as well as other details of the tool, in order to launch a new version of the code (XSSer v1.8.3) soon.
Finally, your request is more to add a feature than to fix a bug, since the previous version did not contemplate being able to perform a --reverse-check using POST. It was only possible through GET, and in a very limited way: either using your own browser, or using the GTK mode, since it contains an embedded Mozilla engine.
With the new version, it is perfectly possible.
What I have done has been to add another engine, which runs in headless mode, and remove the option --reverse-open. It is no longer necessary to use the browser in any case.
In the same way, I have added a hash validation system between what is sent and what is received, so that you cannot get a message saying that it has arrived if it really has not.
Everything is now well controlled through flags. That said, it is a great advance, thanks to your report.
Greetings.
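The two comments above describe the reverse-check listener (a socket on 127.0.0.1:19084 serving /success/&lt;hash&gt;, checked with netstat) and the hash validation between the token sent in the payload and the token received. The following is an added illustration of that mechanism, written for this page; it is not XSSer's own code and says nothing about how XSSer implements it internally. Assumptions: port 19084 and the /success/&lt;token&gt; URL shape are taken from the thread; the token format (32 hex characters), the class and function names, the 200/404 responses and the port check by connecting are all choices made for this example. The demo binds an ephemeral port so it runs without root and without conflicting with a real XSSer instance.

```python
import secrets
import socket
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

DEFAULT_PORT = 19084  # port the thread says the reverse-check listener binds on 127.0.0.1


class ReverseCheckListener:
    """Minimal callback listener (illustrative, not XSSer's own code).

    A token is issued per payload; the payload makes the victim browser fetch
    /success/<token>. Only a token that was really issued is marked as arrived,
    so a stray or forged request cannot produce a false "payload arrived".
    """

    def __init__(self, host="127.0.0.1", port=DEFAULT_PORT):
        self.issued = {}       # token -> payload identifier (what was sent)
        self.arrived = set()   # tokens that came back and validated (what was received)
        listener = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                prefix = "/success/"
                token = self.path[len(prefix):] if self.path.startswith(prefix) else ""
                ok = listener.record(token)
                body = b"OK\n" if ok else b"unknown token\n"
                self.send_response(200 if ok else 404)
                self.send_header("Content-Type", "text/plain")
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)

            def log_message(self, *args):  # keep the demo quiet on stderr
                pass

        self._server = HTTPServer((host, port), Handler)
        self.host, self.port = self._server.server_address[:2]
        self._thread = threading.Thread(target=self._server.serve_forever, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._server.shutdown()
        self._server.server_close()

    def issue_token(self, payload_id):
        token = secrets.token_hex(16)  # 32 hex chars, same shape as the example URL in the thread
        self.issued[token] = payload_id
        return token

    def callback_url(self, token):
        return f"http://{self.host}:{self.port}/success/{token}"

    def record(self, token):
        """Validate a received token against the issued ones; True only on an exact match."""
        if token in self.issued:
            self.arrived.add(token)
            return True
        return False

    def has_arrived(self, token):
        return token in self.arrived


def port_is_listening(host, port, timeout=1.0):
    """Programmatic equivalent of `netstat -atunp | grep LISTEN | grep <port>`: try to connect."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def fetch_status(url):
    """GET the URL and return the HTTP status, including error statuses such as 404."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def demo(port=0):
    """Run the listener (port 0 = any free port) and simulate one valid and one forged callback."""
    listener = ReverseCheckListener(port=port)
    listener.start()
    try:
        listening = port_is_listening(listener.host, listener.port)
        token = listener.issue_token("payload-1")
        valid_status = fetch_status(listener.callback_url(token))  # what the injected payload would trigger
        forged = "0" * 32                                          # constructed token that was never issued
        forged_status = fetch_status(listener.callback_url(forged))
        return {
            "listening": listening,
            "valid_status": valid_status,
            "valid_arrived": listener.has_arrived(token),
            "forged_status": forged_status,
            "forged_arrived": listener.has_arrived(forged),
        }
    finally:
        listener.stop()


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two properties the thread is after: `port_is_listening` confirms the socket is up (the same thing the netstat check verifies from the outside), and only the issued token is marked as arrived, while the forged one gets a 404 and is never counted as a success.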
Thanks for your dedication and your hard work! I will start testing after your new release!
The new release is practically ready... ;-)
New release launched: https://github.com/epsylon/xsser/releases/tag/1.8.3
Hello, I am testing http://testphp.vulnweb.com/search.php?test=query, which is a known vulnerable site for testing purposes. It has a real XSS vulnerability.
To Reproduce:
1) tcpdump -i any port 19084 -A
2) python3 xsser --auto -u "http://testphp.vulnweb.com/search.php?test=query" -p "searchFor=XSS&goButton=go" --reverse-check
Result of the scan (only final part):
==================================================
http://testphp.vulnweb.com/search.php?test=querysearchFor=