Added scanning for CSS injection and iframe injection

This commit is contained in:
David Dworken 2017-10-17 23:39:33 -04:00
parent d5173f3905
commit 04a06eb6b5
2 changed files with 17 additions and 6 deletions


@ -85,14 +85,19 @@ def get_cookies(flow: http.HTTPFlow) -> Cookies:
def find_unclaimed_URLs(body: Union[str, bytes], requestUrl: bytes) -> None: def find_unclaimed_URLs(body: Union[str, bytes], requestUrl: bytes) -> None:
""" Look for unclaimed URLs in script tags and log them if found""" """ Look for unclaimed URLs in script tags and log them if found"""
def getValue(attrs: List[Tuple[str, str]], attrName: str) -> str:
for name, value in attrs:
if attrName == name:
return value
class ScriptURLExtractor(HTMLParser): class ScriptURLExtractor(HTMLParser):
script_URLs = [] script_URLs = []
def handle_starttag(self, tag, attrs): def handle_starttag(self, tag, attrs):
if tag == "script" and "src" in [name for name, value in attrs]: if (tag == "script" or tag == "iframe") and "src" in [name for name, value in attrs]:
for name, value in attrs: self.script_URLs.append(getValue(attrs, "src"))
if name == "src": if tag == "link" and getValue(attrs, "rel") == "stylesheet" and "href" in [name for name, value in attrs]:
self.script_URLs.append(value) self.script_URLs.append(getValue(attrs, "href"))
parser = ScriptURLExtractor() parser = ScriptURLExtractor()
try: try:
@ -105,7 +110,7 @@ def find_unclaimed_URLs(body: Union[str, bytes], requestUrl: bytes) -> None:
try: try:
gethostbyname(domain) gethostbyname(domain)
except gaierror: except gaierror:
ctx.log.error("XSS found in %s due to unclaimed URL \"%s\" in script tag." % (requestUrl, url)) ctx.log.error("XSS found in %s due to unclaimed URL \"%s\"." % (requestUrl, url))
def test_end_of_URL_injection(original_body: str, request_URL: str, cookies: Cookies) -> VulnData: def test_end_of_URL_injection(original_body: str, request_URL: str, cookies: Cookies) -> VulnData:
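Review bot: The new `link` branch compares the raw `rel` value with `"stylesheet"`, so `rel="Stylesheet"` or a multi-token value such as `rel="preload stylesheet"` is never scanned although the browser still loads it as CSS; HTMLParser lowercases attribute names but leaves values untouched. A tolerant form is `rel = (getValue(attrs, "rel") or "").lower().split()` followed by `if tag == "link" and "stylesheet" in rel and getValue(attrs, "href") is not None:`, which also replaces the duplicated `"href" in [name for name, value in attrs]` list scan. `getValue` falls off the end and returns None implicitly when the attribute is absent; an explicit `return None` and a docstring such as `"""Return the value of attrName in attrs, or None when it is absent."""` would make that contract visible to the callers added here. The body of find_unclaimed_URLs continues beyond this hunk, and the message edited in the second hunk still reports every hit as "XSS found" even though an unclaimed stylesheet or iframe origin is a different injection class than a script source.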


@ -314,7 +314,13 @@ class TestXSSScanner():
assert logger.args == [] assert logger.args == []
xss.find_unclaimed_URLs("<html><script src=\"http://unclaimedDomainName.com\"></script></html>", xss.find_unclaimed_URLs("<html><script src=\"http://unclaimedDomainName.com\"></script></html>",
"https://example.com") "https://example.com")
assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com" in script tag.' assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
xss.find_unclaimed_URLs("<html><iframe src=\"http://unclaimedDomainName.com\"></iframe></html>",
"https://example.com")
assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
xss.find_unclaimed_URLs("<html><link rel=\"stylesheet\" href=\"http://unclaimedDomainName.com\"></html>",
"https://example.com")
assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
def test_log_XSS_data(self, monkeypatch, logger): def test_log_XSS_data(self, monkeypatch, logger):
logger.args = [] logger.args = []
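Review bot: The two assertions added for the iframe and stylesheet cases both read `logger.args[0]`, which already holds the expected message from the script-tag call earlier in the hunk, so they pass even if the new branches in find_unclaimed_URLs log nothing — assuming the `logger` fixture appends rather than replaces, as `assert logger.args == []` followed by `logger.args[0]` at the top of the hunk suggests. Index the later entries instead, `assert logger.args[1] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'` after the iframe call and `logger.args[2]` after the link call, or reset `logger.args = []` before each call as test_log_XSS_data does. The enclosing test method starts before this hunk.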