Blind XSS Support

Somdev Sangwan
2018-11-13 22:28:09 +05:30
committed by GitHub
parent 69c9b353c7
commit bdda8c5cac
3 changed files with 17 additions and 10 deletions


@@ -44,16 +44,17 @@ Here are some examples of the payloads generated by XSStrike:
Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.
### Main Features
- Reflected and DOM XSS Scanning
- Reflected and DOM XSS scanning
- Multi-threaded crawling
- Context analysis
- Configurable Core
- Highly Researched Work-flow
- Configurable core
- WAF detection & evasion
- Intelligent payload generator
- Handmade HTML & JavaScript parser
- Powerful fuzzing engine
- Intelligent payload generator
- Complete HTTP Support
- Blind XSS support
- Highly researched work-flow
- Complete HTTP support
- Bruteforce payloads from a file
- Powered by [Photon](https://github.com/s0md3v/Photon), [Zetanize](https://github.com/s0md3v/zetanize) and [Arjun](https://github.com/s0md3v/Arjun)
- Payload Encoding


@@ -1,6 +1,7 @@
changes = '''verbose toggle;bruteforcer from a file;bug fixes;payload encoding'''
changes = '''blind xss support'''
defaultEditor = 'nano'
blindPayload = '' # your blind XSS payload
xsschecker = 'v3dm0s' # A non malicious string to check for reflections and stuff
minEfficiency = 90


@@ -12,7 +12,7 @@ print('''%s
try:
from urllib.parse import quote_plus, unquote, urlparse
except ImportError: # throws error in python2
print ('%s XSStrike isn\'t compatible with python2.' % bad)
print ('%s XSStrike isn\'t compatible with python2.\n Use python > 3.4 to run XSStrike.' % bad)
quit()
# Let's import whatever we need
@@ -38,7 +38,7 @@ from core.requester import requester
from core.htmlParser import htmlParser
from core.wafDetector import wafDetector
from core.filterChecker import filterChecker
from core.config import xsschecker, minEfficiency
from core.config import xsschecker, minEfficiency, blindPayload
from core.utils import getUrl, getParams, flattenParams, extractHeaders, verboseOutput
# Processing command line arguments
@@ -59,6 +59,7 @@ parser.add_argument('-d', '--delay', help='delay between requests', dest='delay'
parser.add_argument('--skip', help='don\'t ask to continue', dest='skip', action='store_true')
parser.add_argument('--skip-dom', help='skip dom checking', dest='skipDOM', action='store_true')
parser.add_argument('-v', '--vectors', help='verbose output', dest='verbose', action='store_true')
parser.add_argument('--blind', help='inject blind XSS payload while crawling', dest='blindXSS', action='store_true')
args = parser.parse_args()
if args.headers:
@@ -74,6 +75,7 @@ paramData = args.data
verbose = args.verbose
skipDOM = args.skipDOM
level = args.level or 2
blindXSS = args.blindXSS
delay = args.delay or core.config.delay
timeout = args.timeout or core.config.timeout
threadCount = args.threads or core.config.threadCount
@@ -206,7 +208,7 @@ def singleTarget(target, paramData, verbose, encoding):
print ('%s Efficiency: %i' % (info, bestEfficiency))
print ('%s Confidence: %i' % (info, confidence))
def multiTargets(scheme, host, main_url, form, domURL, verbose):
def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload):
signatures = set()
if domURL and not skipDOM:
response = requests.get(domURL).text
@@ -256,6 +258,9 @@ def multiTargets(scheme, host, main_url, form, domURL, verbose):
break
except IndexError:
pass
if blindXSS and blindPayload:
paramsCopy[paramName] = blindPayload
requester(url, paramsCopy, headers, GET, delay, timeout)
def bruteforcer(target, paramData, payloadList, verbose, encoding):
@@ -303,7 +308,7 @@ else:
for i in range(difference):
domURLs.append(0)
threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose) for form, domURL in zip(forms, domURLs))
futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload) for form, domURL in zip(forms, domURLs))
for i, _ in enumerate(concurrent.futures.as_completed(futures)):
if i + 1 == len(forms) or (i + 1) % threadCount == 0:
print('%s Progress: %i/%i' % (info, i + 1, len(forms)), end='\r')
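Review bot: When `--blind` is passed but `blindPayload` is left at its shipped default `''` in core/config.py, the guard `if blindXSS and blindPayload:` in multiTargets silently skips the injection, so the operator believes blind payloads were delivered when no request carried one. I would fail early right after `blindXSS = args.blindXSS`: `if blindXSS and not blindPayload:` / `print('%s --blind was given but blindPayload is empty in core/config.py' % bad)` / `quit()`. In the injection itself `paramsCopy[paramName] = blindPayload` is never reset, so if this sits inside the per-parameter loop (the loop header is outside the hunk) each later request likely still carries the payload in every previously visited parameter; copying the parameter dict per iteration would keep exactly one injected parameter per request, which is what a callback hit then lets you attribute. As a point of style, multiTargets now takes `blindXSS` and `blindPayload` as parameters while still reading `headers`, `delay`, `timeout`, `GET` and `skipDOM` from module scope, and the `blindPayload` parameter shadows the same name imported from core.config; the function body extends beyond the hunk.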