Scan event updated: form submit & open page urlbar

master
swisskyrepo 2016-12-29 00:29:44 +01:00
parent e7729e74c6
commit 6bc3910d60
2 changed files with 23 additions and 18 deletions


@ -85,26 +85,31 @@ function send_target(server, url, deep, impact, cookies){
// Set a clean local storage
chrome.storage.sync.set({'rce':0, 'xss': 0, 'sql': 0, 'lfi': 0, 'work': 0, 'list':'' })
// Launch a scan when the tab change
chrome.tabs.onActivated.addListener(function(activeInfo) {
chrome.tabs.get(activeInfo.tabId, function(tab){
// Handle start/stop button
chrome.storage.sync.get(['work'], function(items) {
if(items['work'] == 1){
// Launch a scan when the tab change - Submit a form / Open new URL from bar
chrome.tabs.onUpdated.addListener(function(tabId,changeInfo, tab) {
if(changeInfo.status == 'complete'){
chrome.tabs.get(tabId, function(tab){
// Extract cookies from the domain
var cookies_string = "";
chrome.cookies.getAll({ 'domain': extract_domain(tab.url)}, function(cookies) {
for (var i = 0; i < cookies.length; i++) {
cookies_string += ("name:" + cookies[i].name + "|value:" + cookies[i].value+"\n");
}
// Handle start/stop button
chrome.storage.sync.get(['work'], function(items) {
if(items['work'] == 1){
// Start a scan with the url and the cookies
send_target(config_server, escape(tab.url), 0, 0, escape((cookies_string)) );
});
}
// Extract cookies from the domain
var cookies_string = "";
chrome.cookies.getAll({ 'domain': extract_domain(tab.url)}, function(cookies) {
for (var i = 0; i < cookies.length; i++) {
cookies_string += ("name:" + cookies[i].name + "|value:" + cookies[i].value+"\n");
}
// Start a scan with the url and the cookies
send_target(config_server, escape(tab.url), 0, 0, escape((cookies_string)) );
});
}
});
});
});
}
});
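Review bot: The new `chrome.tabs.onUpdated` listener acts on every tab that reaches `status == 'complete'`, so while `work` is 1 each page load in any tab (background tabs and non-web pages such as `chrome://` URLs included) has its URL and all cookies for that domain passed to `send_target`. Nothing in the hunk limits this to http(s) pages or to an intended scan target, so session cookies for unrelated sites the user visits would be forwarded to `config_server`; how that transport is protected is not visible here. I would add a guard at the top of the callback, `if (changeInfo.status !== 'complete' || !/^https?:\/\//.test(tab.url)) return;`, and ideally check the URL against a user-configured scope before the cookies are read. The inner `chrome.tabs.get(tabId, ...)` is redundant because `onUpdated` already supplies `tab`. Separately, `escape()` is deprecated, and `encodeURIComponent(tab.url)` would be the safer encoding provided the server decodes it accordingly.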


@ -46,11 +46,11 @@ You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App
- New logo for the extension
- Re-use your cookies and user-agent to get access to page with cookie-authentication
- Export vulnerabilities into a CSV file
- Launch scan when a form is submitted or a page is opened via the URL bar
## TODO - Work in progress
- Should detect target in source code.. (list of targets, then launch scan)
- Should detect and work with POST requests
- Launch scan when a button is clicked/ form submitted / page opened via URL - chrome.tabs.onActivated.addListener onFormSubmit?
## Thanks
- Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/)