menkrep1337 / XSSCon

XSSCon: Simple XSS Scanner tool
MIT License
210 stars 60 forks

ERROR #6

Open jojoli123 opened 5 years ago

jojoli123 commented 5 years ago

python3 xsscon.py -u http://192.168.219.1/DVWA/security.php --cookie{'PHPSESSID':'ikjlbcge19u973s9sbh9hcnad4'}
usage: XSSCon -u [options]
xsscon.py: error: unrecognized arguments: --cookie{PHPSESSID:ikjlbcge19u973s9sbh9hcnad4}

jojoli123 commented 5 years ago

root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {'security':'low'}


\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD

[11:02:27] [INFO] Starting XSSCon...


Traceback (most recent call last):
  File "xsscon.py", line 74, in <module>
    start()
  File "xsscon.py", line 52, in start
    core.main(getopt.u,getopt.proxy,getopt.user_agent,check(getopt),getopt.cookie,getopt.method)
  File "/root/XSSCon/lib/core.py", line 148, in main
    self.session=session(proxy,headers,cookie)
  File "/root/XSSCon/lib/helper/helper.py", line 26, in session
    r.cookies.update(cookie)
  File "/usr/lib/python3/dist-packages/requests/cookies.py", line 354, in update
    super(RequestsCookieJar, self).update(other)
  File "/usr/lib/python3.7/_collections_abc.py", line 846, in update
    for key, value in other:
ValueError: not enough values to unpack (expected 2, got 1)
root@kali:~/XSSCon#

jojoli123 commented 5 years ago

root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {'security':'low';'PHPSESSID':'ikjlbcge19u973s9sbh9hcnad4'}


\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD

[11:03:58] [INFO] Starting XSSCon...


Traceback (most recent call last):
  File "xsscon.py", line 74, in <module>
    start()
  File "xsscon.py", line 52, in start
    core.main(getopt.u,getopt.proxy,getopt.user_agent,check(getopt),getopt.cookie,getopt.method)
  File "/root/XSSCon/lib/core.py", line 148, in main
    self.session=session(proxy,headers,cookie)
  File "/root/XSSCon/lib/helper/helper.py", line 26, in session
    r.cookies.update(cookie)
  File "/usr/lib/python3/dist-packages/requests/cookies.py", line 354, in update
    super(RequestsCookieJar, self).update(other)
  File "/usr/lib/python3.7/_collections_abc.py", line 846, in update
    for key, value in other:
ValueError: not enough values to unpack (expected 2, got 1)
bash: PHPSESSID:ikjlbcge19u973s9sbh9hcnad4}:未找到命令

menkrep1337 commented 5 years ago

I will solve this problem.

menkrep1337 commented 5 years ago

Or you can modify the script lib/helper/helper.py:
r.cookies.update({"v":"y"})

jojoli123 commented 5 years ago

Cookie saving is still a problem and cannot log into the background.

root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {"security":"low"}{"PHPSESSID":"ikjlbcge19u973s9sbh9hcnad4"}


\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD

[17:06:44] [INFO] Starting XSSCon...


[17:06:44] [INFO] Checking connection to: http://192.168.219.1/DVWA/vulnerabilities/xss_r/
[17:06:44] [INFO] Connection estabilished 200
[17:06:44] [WARNING] Target have form with POST method: http://192.168.219.1/DVWA/vulnerabilities/xss_r/login.php
[17:06:44] [INFO] Collecting form input key.....
[17:06:44] [INFO] Form key name: username value:
[17:06:44] [INFO] Form key name: password value:
[17:06:44] [INFO] Form key name: Login value:
[17:06:44] [INFO] Form key name: user_token value:
[17:06:44] [INFO] Sending payload (POST) method...
[17:06:44] [INFO] This page is safe from XSS (POST) attack but not 100% yet...

menkrep1337 commented 5 years ago

Solved by json.loads
python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {"security":"low","PHPSESSID":"ikjlbcge19u973s9sbh9hcnad4"}

jojoli123 commented 5 years ago

is error
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {"security":"low","PHPSESSID":"ikjlbcge19u973s9sbh9hcnad4"}
usage: XSSCon -u [options]
xsscon.py: error: unrecognized arguments: PHPSESSID:ikjlbcge19u973s9sbh9hcnad4
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie {'security':'low','PHPSESSID':'ikjlbcge19u973s9sbh9hcnad4'}
usage: XSSCon -u [options]
xsscon.py: error: unrecognized arguments: PHPSESSID:ikjlbcge19u973s9sbh9hcnad4

menkrep1337 commented 5 years ago

"{.....}"

jojoli123 commented 5 years ago

PVqp4piVvZFKJfKx98gvsZqTKQSxIZhveBEd2fNhLt7grWjQTqCJAuEdr'}"


\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD

[17:46:03] [INFO] Starting XSSCon...


[17:46:03] [INFO] Checking connection to: http://192.168.219.1/DVWA/vulnerabilities/xss_r/
[17:46:04] [INFO] Connection estabilished 200
[17:46:04] [WARNING] Target have form with POST method: http://192.168.219.1/DVWA/vulnerabilities/xss_r/login.php
[17:46:04] [INFO] Collecting form input key.....
[17:46:04] [INFO] Form key name: username value:
[17:46:04] [INFO] Form key name: password value:
[17:46:04] [INFO] Form key name: Login value:
[17:46:04] [INFO] Form key name: user_token value:
[17:46:04] [INFO] Sending payload (POST) method...
[17:46:04] [INFO] This page is safe from XSS (POST) attack but not 100% yet...

jojoli123 commented 5 years ago

[17:44:45] [INFO] This page is safe from XSS (POST) attack but not 100% yet...
root@kali:~/XSSCon# python3 xsscon.py -u "http://192.168.219.1/DVWA/vulnerabilities/xss_r/" --cookie "{'security':'low','PHPSESSID':'4k5e5mqg68rrrodr0qd40pj9q7','BEEFHOOK':'Aq3nsG8uPdpMtKkz6MeR2gOPVqp4piVvZFKJfKx98gvsZqTKQSxIZhveBEd2fNhLt7grWjQTqCJAuEdr'}"


\ \/ / / | / | \ /\ _ | | / | ' \ {v0.5 Final} / \ ) |) | || () | | | | https://github.com/menkrep1337/XSSCon //__// \_/|| || <<<<<<< HEAD

[17:46:03] [INFO] Starting XSSCon...


[17:46:03] [INFO] Checking connection to: http://192.168.219.1/DVWA/vulnerabilities/xss_r/
[17:46:04] [INFO] Connection estabilished 200
[17:46:04] [WARNING] Target have form with POST method: http://192.168.219.1/DVWA/vulnerabilities/xss_r/login.php
[17:46:04] [INFO] Collecting form input key.....
[17:46:04] [INFO] Form key name: username value:
[17:46:04] [INFO] Form key name: password value:
[17:46:04] [INFO] Form key name: Login value:
[17:46:04] [INFO] Form key name: user_token value:
[17:46:04] [INFO] Sending payload (POST) method...
[17:46:04] [INFO] This page is safe from XSS (POST) attack but not 100% yet...
root@kali:~/XSSCon#

menkrep1337 commented 5 years ago

XSSCon detects XSS from the action URL.

menkrep1337 commented 5 years ago

Maybe the XSS script is executed in a different URL.
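
On the `--cookie` errors earlier in this thread: the shell strips the quotes from an unquoted `{'security':'low'}`, so Python receives the plain string `{security:low}`, which then reaches `r.cookies.update()` and fails while unpacking. As an added example (not XSSCon's own code), here is one way to validate the argument at parse time so a bad value produces a usage error instead of a traceback; `parse_cookie_arg`, `build_parser` and the sample cookie values are hypothetical.

```python
import argparse
import ast
import json


def parse_cookie_arg(text):
    """Turn a --cookie string into a dict of str -> str.

    Accepts JSON ('{"a":"b"}'), a Python dict literal ("{'a':'b'}") or
    Cookie-header form ('a=b; c=d'); anything else is rejected.
    """
    text = text.strip()
    parsed = None
    if text.startswith("{"):
        try:
            parsed = json.loads(text)
        except json.JSONDecodeError:
            try:
                # literal_eval only evaluates literals, never arbitrary code
                parsed = ast.literal_eval(text)
            except (ValueError, SyntaxError, TypeError):
                parsed = None  # e.g. '{security:low}' after the shell ate the quotes
    elif "=" in text:
        parsed = {}
        for pair in text.split(";"):
            if not pair.strip():
                continue
            name, sep, value = pair.partition("=")
            if not sep or not name.strip():
                parsed = None
                break
            parsed[name.strip()] = value.strip()
    if not isinstance(parsed, dict) or not parsed:
        raise argparse.ArgumentTypeError(
            "cookie must be a quoted dict or 'name=value; name2=value2', got %r" % text)
    return {str(k): str(v) for k, v in parsed.items()}


def build_parser():
    # Hypothetical parser mirroring the -u / --cookie options seen in the thread.
    parser = argparse.ArgumentParser(prog="cookie-demo")
    parser.add_argument("-u", required=True)
    parser.add_argument("--cookie", type=parse_cookie_arg, default={})
    return parser
```

With `type=parse_cookie_arg`, argparse reports a rejected value as a normal usage error and exits, and the session code only ever receives a real dict.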