Open jojoli123 opened 5 years ago
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {'security':'low'}
\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD
[11:02:27] [INFO] Starting XSSCon...
Traceback (most recent call last):
File "xsscon.py", line 74, in
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {'security':'low';'PHPSESSID':'ikjlbcge19u973s9sbh9hcnad4'}
\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD
[11:03:58] [INFO] Starting XSSCon...
Traceback (most recent call last):
File "xsscon.py", line 74, in
i will solve this problem
or you can modify the script lib/helper/helper.py r.cookies.update({"v":"y"})
Cookie saving is still a problem and cannot log into the background.
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {"security":"low"}{"PHPSESSID":"ikjlbcge19u973s9sbh9hcnad4"}
\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD
[17:06:44] [INFO] Starting XSSCon...
[17:06:44] [INFO] Checking connection to: http://192.168.219.1/DVWA/vulnerabilities/xss_r/
[17:06:44] [INFO] Connection estabilished 200
[17:06:44] [WARNING] Target have form with POST method: http://192.168.219.1/DVWA/vulnerabilities/xss_r/login.php
[17:06:44] [INFO] Collecting form input key.....
[17:06:44] [INFO] Form key name: username value:
[17:06:44] [INFO] Form key name: password value:
[17:06:44] [INFO] Form key name: Login value:
Solved by json.loads python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {"security":"low","PHPSESSID":"ikjlbcge19u973s9sbh9hcnad4"}
is error
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {"security":"low","PHPSESSID":"ikjlbcge19u973s9sbh9hcnad4"}
usage: XSSCon -u
"{.....}"
PVqp4piVvZFKJfKx98gvsZqTKQSxIZhveBEd2fNhLt7grWjQTqCJAuEdr'}"
\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD
[17:46:03] [INFO] Starting XSSCon...
[17:46:03] [INFO] Checking connection to: http://192.168.219.1/DVWA/vulnerabilities/xss_r/
[17:46:04] [INFO] Connection estabilished 200
[17:46:04] [WARNING] Target have form with POST method: http://192.168.219.1/DVWA/vulnerabilities/xss_r/login.php
[17:46:04] [INFO] Collecting form input key.....
[17:46:04] [INFO] Form key name: username value:
[17:46:04] [INFO] Form key name: password value:
[17:46:04] [INFO] Form key name: Login value:
[17:44:45] [INFO] This page is safe from XSS (POST) attack but not 100% yet... root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie "{'security':'low','PHPSESSID':'4k5e5mqg68rrrodr0qd40pj9q7','BEEFHOOK':'Aq3nsG8uPdpMtKkz6MeR2gOPVqp4piVvZFKJfKx98gvsZqTKQSxIZhveBEd2fNhLt7grWjQTqCJAuEdr'}"
\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD
[17:46:03] [INFO] Starting XSSCon...
[17:46:03] [INFO] Checking connection to: http://192.168.219.1/DVWA/vulnerabilities/xss_r/
[17:46:04] [INFO] Connection estabilished 200
[17:46:04] [WARNING] Target have form with POST method: http://192.168.219.1/DVWA/vulnerabilities/xss_r/login.php
[17:46:04] [INFO] Collecting form input key.....
[17:46:04] [INFO] Form key name: username value:
[17:46:04] [INFO] Form key name: password value:
[17:46:04] [INFO] Form key name: Login value:
XSSCon detect xss from action url
Maybe xss script executed in different url
python3 xsscon.py -u http://192.168.219.1/DVWA/security.php --cookie{'PHPSESSID':'ikjlbcge19u973s9sbh9hcnad4'} usage: XSSCon -u [options]
xsscon.py: error: unrecognized arguments: --cookie{PHPSESSID:ikjlbcge19u973s9sbh9hcnad4}