s0md3v / XSStrike

Most advanced XSS scanner.
GNU General Public License v3.0

Exception occurred while using XSStrike #235

Open exrme18 opened 5 years ago

exrme18 commented 5 years ago

Describe the bug

Getting an error while running the tool.

XSStrike manish$ python3 xsstrike.py -u "http://192.168.1.9/hidden.php" --data "my_token=d02ac44ef112819f0941ce0f077770b0&xss=test" --proxy

XSStrike v3.1.4

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 171, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw)
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/connection.py", line 79, in create_connection
    raise err
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/connection.py", line 69, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 61] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 354, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/local/Cellar/python/3.7.2_2/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1229, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/local/Cellar/python/3.7.2_2/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1275, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/local/Cellar/python/3.7.2_2/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1224, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/local/Cellar/python/3.7.2_2/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1016, in _send_output
    self.send(msg)
  File "/usr/local/Cellar/python/3.7.2_2/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 956, in send
    self.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 196, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 180, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x10b763cf8>: Failed to establish a new connection: [Errno 61] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 445, in send
    timeout=timeout
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='127.0.0.1', port=8085): Max retries exceeded with url: http://192.168.1.9/hidden.php (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at 0x10b763cf8>: Failed to establish a new connection: [Errno 61] Connection refused')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "xsstrike.py", line 174, in <module>
    scan(target, paramData, encoding, headers, delay, timeout, skipDOM, find, skip)
  File "/Users/manish/Documents/Manish/mega/Mega/Git_Tools/py_venv/xss_tools/XSStrike/modes/scan.py", line 34, in scan
    response = requester(target, {}, headers, GET, delay, timeout).text
  File "/Users/manish/Documents/Manish/mega/Mega/Git_Tools/py_venv/xss_tools/XSStrike/core/requester.py", line 44, in requester
    timeout=timeout, verify=False, proxies=core.config.proxies)
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 112, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 512, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 622, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 507, in send
    raise ProxyError(e, request=request)
requests.exceptions.ProxyError: HTTPConnectionPool(host='127.0.0.1', port=8085): Max retries exceeded with url: http://192.168.1.9/hidden.php (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at 0x10b763cf8>: Failed to establish a new connection: [Errno 61] Connection refused')))

To Reproduce

You can use the following code.

Submit your script:
"; ?>
'; }
    $data['my_token'] = md5(uniqid(rand(), true));
    $_SESSION['my_token'] = $data['my_token'];
} else if($_SERVER['REQUEST_METHOD']==="GET") {
    //
} else {
    echo "Oops !!!";
}
?>

Environment: MacOS

s0md3v commented 5 years ago

Are you sure that the proxy server in use is working correctly?
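
A way to answer that question before launching a scan, added here as an example (it is not code from this thread or from XSStrike): a standard-library preflight that tries a TCP connection to every entry of a requests-style `proxies` mapping, the kind of value the traceback shows being passed as `proxies=core.config.proxies`. The helper names `proxy_endpoint` and `check_proxies` are hypothetical; the address `127.0.0.1:8085` is the one reported in the traceback.

```python
import socket
from urllib.parse import urlsplit

# Default ports per proxy URL scheme, used when the URL carries no port.
DEFAULT_PORTS = {"http": 80, "https": 443, "socks5": 1080, "socks5h": 1080}


def proxy_endpoint(proxy_url):
    """Return (host, port) for a proxy URL such as http://127.0.0.1:8085."""
    if "://" not in proxy_url:
        proxy_url = "http://" + proxy_url  # requests also assumes http here
    parts = urlsplit(proxy_url)
    if not parts.hostname:
        raise ValueError("no host in proxy URL")
    # parts.port raises ValueError on a non-numeric or out-of-range port.
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    if port is None:
        raise ValueError("no port and unknown scheme %r" % parts.scheme)
    return parts.hostname, port


def check_proxies(proxies, timeout=3.0):
    """Map each scheme to None (a listener accepted TCP) or an error string."""
    results = {}
    for scheme, url in proxies.items():
        try:
            host, port = proxy_endpoint(url)
            with socket.create_connection((host, port), timeout=timeout):
                results[scheme] = None
        except (OSError, ValueError) as exc:
            # ConnectionRefusedError (Errno 61 on macOS) lands here.
            results[scheme] = "%s: %s" % (url, exc)
    return results


if __name__ == "__main__":
    # Proxy address taken from the traceback in this issue.
    proxies = {"http": "http://127.0.0.1:8085",
               "https": "http://127.0.0.1:8085"}
    for scheme, error in check_proxies(proxies).items():
        print(scheme, "reachable" if error is None else "UNREACHABLE " + error)
```

A `None` result only shows that something is listening on the port; it does not confirm that the listener is an HTTP proxy or that it will forward the request.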