Closed 0xPugal closed 4 months ago
Hi @0xPugal. Is it possible to send me the exact command you are using, including the URL? I understand if you don't want to share that here, but you can DM that on Twitter. I can't seem to reproduce that issue. Also, you shouldn't be using FUZZ in any URLs you send to KNOXSS... it might not work as expected without the default value. You shouldn't use FUZZ, have any existing payloads in the URL, etc. Just pass the URLs as they originally come, or you reduce your chances of it working properly.
Hi @0xPugal. I've been looking into this and the only way I could see that this error could happen is with these lines:
session = requests.Session()
session.mount('https://', HTTP_ADAPTER)
This implies it could be a network issue on your side that caused the issue. Do you get the error consistently with the same URL, or does it work next time?
I will put a separate try catch around that anyway, but not 100% sure if that is the issue right now without being able to reproduce.
Thanks
Xnl
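The failure mode discussed in the comment above, as an added example that is not part of the thread and not knoxnl's source: when `resp` is bound only inside a `try` that fails, later code that reads it raises `UnboundLocalError`, which hides the real network error. The session factories, `API_URL` and both function names are constructed stand-ins so the example runs offline; the built-in `ConnectionError` stands in for the HTTP library's own exception.

```python
from types import SimpleNamespace

API_URL = "https://api.example.invalid"  # placeholder, not the real endpoint


def failing_session():
    """Constructed stand-in: session setup fails, as in a network problem."""
    raise ConnectionError("constructed: could not set up HTTPS session")


def working_session():
    """Constructed stand-in whose post() returns a canned response."""
    reply = SimpleNamespace(text='{"XSS": "false"}')
    return SimpleNamespace(post=lambda url, data=None, timeout=None: reply)


def call_fragile(make_session, data):
    """resp is bound only if everything in the inner try succeeds."""
    try:
        try:
            session = make_session()
            resp = session.post(API_URL, data=data, timeout=600)
        except ConnectionError:
            pass  # real cause dropped here; resp is still unbound
        return {"ok": True, "body": resp.text}
    except Exception as exc:  # outer handler reports the wrong problem
        return {"ok": False, "error_type": type(exc).__name__}


def call_hardened(make_session, data, retries=3):
    """Bind resp first, guard setup and request together, keep the real error."""
    resp, last_error, attempts = None, None, 0
    while resp is None and attempts < retries:
        attempts += 1
        try:
            session = make_session()
            resp = session.post(API_URL, data=data, timeout=600)
        except ConnectionError as exc:
            last_error = exc
    if resp is None:
        return {"ok": False, "error_type": type(last_error).__name__,
                "error": str(last_error), "attempts": attempts}
    return {"ok": True, "body": resp.text, "attempts": attempts}
```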
~ knoxnl -i https://www.coursera.org/browse?source=deprecated_spark_cdp&journalid=1021
Current knoxnl version 4.2 (latest)
Selected config and settings:
Config file path: /home/pugal/.config/knoxnl/config.yml
KNOXSS API Url: https://api.knoxss.pro
KNOXSS API Key: e7c913af-a648-418b-xxxx-yyyyy
Discord Webhook: https://discord.com/api/webhooks/10101010110/7jyBOiPc5Y_kzOSp2wdo6pdfVps9FnvBQvRHNqt4luF00f-zzzzzzzzzzzzzzzzzzzzz
-i: https://www.coursera.org/browse?source=deprecated_spark_cdp&journalid=1021 The URL to check with KNOXSS API.
-X: GET The HTTP method checked by KNOXSS API.
-afb: False Whether the Advanced Filter Bypass option is passed to KNOXSS API.
-t: 600 The number of seconds to wait for KNOXSS API to respond.
-r: 3 The number of times to retry when having issues connecting to the KNOXSS API.
-ri: 30 How many seconds to wait before retrying when having issues connecting to the KNOXSS API.
-rb: 1.5 The backoff factor used when retrying when having issues connecting to the KNOXSS API.
Calling KNOXSS API...
KNOXSS API request:
Data: target=https://www.coursera.org/browse?source=deprecated_spark_cdp%26journalid=1021
KNOXSS API response:
:( There was a problem calling KNOXSS API: local variable 'resp' referenced before assignment
API calls made so far today - Unknown
When using cURL it's working:
➜ curl https://api.knoxss.pro -d target="https://www.coursera.org/browse?source=deprecated_spark_cdp%26journalid=1021" -H 'X-API-KEY: e7c913af-a648-418b-xxxx-yyyyy' -s
{
"XSS": "false",
"PoC": "none",
"Target": "https://www.coursera.org/browse?source=deprecated_spark_cdp&journalid=1021",
"POST Data": "none",
"Error": "none",
"API Call": "15/5000",
"Time Elapsed": "521.11s",
"Timestamp": "Thu, 25 Apr 2024 12:25:05 +0000",
"Version": "3.6.5"
}
Hi @0xPugal. I'm confused by this screenshot. According to the config info shown with -v at the start, the -i value passed was https://www.coursera.org/browse?journalid=FUZZ&source=Gxss. But in the response from KNOXSS after that, it shows https://www.coursera.org/browse?source=deprecated_spark_cdp%26journalid=1021 as the URL is processed.
What was the exact command you used that produced that output?
I don't get that error for either of those URLs though. It does seem to be related to how you are calling knoxnl I think. If you could share that, it should help. You did put knoxnl -i https://www.coursera.org/browse?source=deprecated_spark_cdp&journalid=1021, but I don't think that was what was run for that output, because -v was used to get that output. Also, you should really include the URL in quotes if you manually pass it, because the & in the URL can be interpreted by the environment as running the command in the background.
Hi @0xPugal. I have released v4.5. Can you run pip install --upgrade knoxnl and let me know if it resolves your issue? Thanks
Hey @xnl-h4ck3r, The issue is now fixed. Thanks for your continuous support in fixing this issue. So I'm closing this issue for now.