From 04a06eb6b5b5813b4ec630fc1451b1734fbb22fc Mon Sep 17 00:00:00 2001 From: David Dworken Date: Tue, 17 Oct 2017 23:39:33 -0400 Subject: Added scanning for CSS injection and iframe injection --- examples/complex/xss_scanner.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'examples/complex/xss_scanner.py') diff --git a/examples/complex/xss_scanner.py b/examples/complex/xss_scanner.py index d954adf3..4b35c6c1 100755 --- a/examples/complex/xss_scanner.py +++ b/examples/complex/xss_scanner.py @@ -85,14 +85,19 @@ def get_cookies(flow: http.HTTPFlow) -> Cookies: def find_unclaimed_URLs(body: Union[str, bytes], requestUrl: bytes) -> None: """ Look for unclaimed URLs in script tags and log them if found""" + def getValue(attrs: List[Tuple[str, str]], attrName: str) -> str: + for name, value in attrs: + if attrName == name: + return value + class ScriptURLExtractor(HTMLParser): script_URLs = [] def handle_starttag(self, tag, attrs): - if tag == "script" and "src" in [name for name, value in attrs]: - for name, value in attrs: - if name == "src": - self.script_URLs.append(value) + if (tag == "script" or tag == "iframe") and "src" in [name for name, value in attrs]: + self.script_URLs.append(getValue(attrs, "src")) + if tag == "link" and getValue(attrs, "rel") == "stylesheet" and "href" in [name for name, value in attrs]: + self.script_URLs.append(getValue(attrs, "href")) parser = ScriptURLExtractor() try: @@ -105,7 +110,7 @@ def find_unclaimed_URLs(body: Union[str, bytes], requestUrl: bytes) -> None: try: gethostbyname(domain) except gaierror: - ctx.log.error("XSS found in %s due to unclaimed URL \"%s\" in script tag." % (requestUrl, url)) + ctx.log.error("XSS found in %s due to unclaimed URL \"%s\"." % (requestUrl, url)) def test_end_of_URL_injection(original_body: str, request_URL: str, cookies: Cookies) -> VulnData: -- cgit v1.2.3