Bug fixes - Button Start/Stop sync + logo for notif
parent
c15e76fc63
commit
71b589dbb7
@ -95,7 +95,7 @@ function send_target(server, url, deep, impact){
|
|||
}
|
||||
|
||||
// Set a clean local storage
|
||||
chrome.storage.sync.set({'xss': 0, 'sql': 0, 'lfi': 0, 'work': 1, 'list':'' })
|
||||
chrome.storage.sync.set({'xss': 0, 'sql': 0, 'lfi': 0, 'work': 0, 'list':'' })
|
||||
|
||||
// Launch a scan when the tab change
|
||||
chrome.tabs.onActivated.addListener(function(activeInfo) {
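Review bot: The reset `chrome.storage.sync.set({... 'work': 0, 'list':'' })` keeps the scanner's findings (`list`) in the account-synced storage area rather than `chrome.storage.local`; sync storage is replicated to the signed-in browser profile and bounded by `QUOTA_BYTES_PER_ITEM` / `QUOTA_BYTES`, and the call passes no callback, so a rejected or quota-exceeded write is never surfaced through `chrome.runtime.lastError`. Because `list` holds URLs of pages believed to be vulnerable, keeping it on-device and checking the result would be the safer default, e.g. `chrome.storage.local.set({...}, () => { if (chrome.runtime.lastError) console.error(chrome.runtime.lastError.message); });`, with the matching `get`/`set` calls in popup.js switched to the same area. Switching areas also means existing synced entries would no longer be read, so the change should be made in one commit across background and popup. `send_target` closes at the top of this hunk and the `onActivated` listener on its last line continues outside it.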
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
"version": "1.0",
|
||||
|
||||
"browser_action": {
|
||||
"default_icon": "icons/icon.png",
|
||||
"default_icon": "icon.png",
|
||||
"default_popup": "popup.html"
|
||||
},
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
text-transform: uppercase;
|
||||
text-align: center;
|
||||
color: white;
|
||||
background-image: -webkit-linear-gradient(top,#EA464A,#D43C40);
|
||||
background-image: -webkit-linear-gradient(top,#5cb85c,#4cae4c);
|
||||
font-family: arial;
|
||||
font-weight: bold;
|
||||
line-height: 30px;
|
||||
|
@ -62,7 +62,7 @@
|
|||
</div>
|
||||
|
||||
<!-- Used only to display debug informations-->
|
||||
<a href='#stop' id='stop'>STOP</a>
|
||||
<a href='#stop' id='stop'>START</a>
|
||||
<a href='./vulns.html' target=_blank id='export'>LIST</a>
|
||||
<div id='debug'>
|
||||
<span id='status'>Status Server</span>
|
||||
|
|
|
@ -87,7 +87,18 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||
getCurrentTab(function(tab) {
|
||||
|
||||
// Display local storage
|
||||
chrome.storage.sync.get(['xss','sql','lfi','list'], function(items) {
|
||||
chrome.storage.sync.get(['xss','sql','lfi','list','work'], function(items) {
|
||||
|
||||
// Update start button
|
||||
if (items['work'] == 0){
|
||||
document.getElementById("stop").textContent = "START";
|
||||
document.getElementById("stop").style = "background-image: -webkit-linear-gradient(top,#5cb85c,#4cae4c);";
|
||||
}
|
||||
else{
|
||||
document.getElementById("stop").textContent = "STOP";
|
||||
document.getElementById("stop").style = "background-image: -webkit-linear-gradient(top,#EA464A,#D43C40);";
|
||||
}
|
||||
|
||||
|
||||
// Display the list of vulns
|
||||
var vulns = escape(items['list']).split('%7CDELIMITER%7C')
|
||||
|
@ -130,7 +141,7 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||
document.getElementById("stop").addEventListener('click', () => {
|
||||
if(document.getElementById("stop").textContent == "STOP"){
|
||||
document.getElementById("stop").textContent = "START";
|
||||
document.getElementById("stop").style = "background-image: -webkit-linear-gradient(top,#99EA46,#71D43C);";
|
||||
document.getElementById("stop").style = "background-image: -webkit-linear-gradient(top,#5cb85c,#4cae4c);";
|
||||
chrome.storage.sync.set({'work': 0});
|
||||
}
|
||||
else{
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
text-transform: uppercase;
|
||||
text-align: center;
|
||||
color: white;
|
||||
background-image: -webkit-linear-gradient(top,#EA464A,#D43C40);
|
||||
background-image: -webkit-linear-gradient(top,#5cb85c,#4cae4c);
|
||||
font-family: arial;
|
||||
font-weight: bold;
|
||||
line-height: 30px;
|
||||
|
@ -43,8 +43,8 @@
|
|||
.datagrid {font: normal 12px/150% Arial, Helvetica, sans-serif; background: #fff; overflow: hidden; border: 1px solid #006699; -webkit-border-radius: 3px; -moz-border-radius: 3px; border-radius: 3px; }
|
||||
.datagrid table td, .datagrid table th { padding: 3px 16px; }
|
||||
.datagrid table thead th {background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #006699), color-stop(1, #00557F) );background:-moz-linear-gradient( center top, #006699 5%, #00557F 100% );filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#006699', endColorstr='#00557F');background-color:#006699; color:#FFFFFF; font-size: 15px; font-weight: bold; border-left: 1px solid #0070A8; }
|
||||
.datagrid table thead th:first-child { border: none; }
|
||||
.datagrid table tbody td { color: #00557F; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }
|
||||
.datagrid table thead th:first-child {padding:8px; border: none; }
|
||||
.datagrid table tbody td {padding:8px; color: #00557F; border-left: 1px solid #E1EEF4;font-size: 12px;font-weight: normal; }
|
||||
.datagrid table tbody .alt td { background: #E1EEf4; color: #00557F; }
|
||||
.datagrid table tbody td:first-child { border-left: none; }.datagrid table tbody tr:last-child td { border-bottom: none; }
|
||||
.datagrid{ width: 70%; margin: 0 auto; margin-bottom: 20px;}
|
||||
|
@ -89,7 +89,7 @@
|
|||
</div>
|
||||
|
||||
<!-- Used only to display debug informations-->
|
||||
<a href='#stop' id='stop'>STOP</a>
|
||||
<a href='#stop' id='stop'>START</a>
|
||||
<a href='./vulns.html' id='export'>LIST</a>
|
||||
<div id='debug'>
|
||||
<span id='status'>Status Server</span>
|
||||
|
|
|
@ -7,7 +7,7 @@ Currently it scans for:
|
|||
- Cross Site Scripting
|
||||
- Local File Inclusion
|
||||
|
||||
**Warnings :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a BETA version, many improvements will come don't worry
|
||||
**Warnings :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a **BETA version**, many improvements will come don't worry
|
||||
|
||||
## Install
|
||||
You need to install and configure the server, it uses ghost and flask with gunicorn
|
||||
|
@ -32,7 +32,7 @@ chmod +x ./launch
|
|||
```
|
||||
var config_server = "http://127.0.0.1:8000";
|
||||
```
|
||||
4 - Browse the internet !
|
||||
4 - Browse the internet ! (Don't forget to start the extension by clicking the 'START' button)
|
||||
|
||||
## New features
|
||||
- Detect if the server is up
|
||||
|
@ -40,7 +40,7 @@ var config_server = "http://127.0.0.1:8000";
|
|||
- New XSS vectors, work in different contexts (JS var, JS function, inside HTML tag, outside HTML tag)
|
||||
- Basic page to list the vulnerabilities URL and TYPE
|
||||
- Time based SQLi scanner using polyglot vectors (MySQL, SQLite, Oracle, Postgresql, SQL Server)
|
||||
- New logo for the plugin
|
||||
- New logo for the extension
|
||||
|
||||
## TODO - Work in progress
|
||||
- Should detect target in source code.. (list of targets, then launch scan)
|
||||
|
@ -49,7 +49,8 @@ var config_server = "http://127.0.0.1:8000";
|
|||
- Add some functions from https://sergeybelove.ru/one-button-scan/result/3004e0b978f19e58e3239087d119742779e1efbc/
|
||||
- Deep and impact : args['url'],args['deep'],args['impact']
|
||||
- Command injection :&sleep 5&'\"0&sleep 5&`'
|
||||
- Launch scan when a button is submitted
|
||||
- Launch scan when a button is clicked/ form submitted / page opened via URL
|
||||
- LFI scan improvement with data: wrapper
|
||||
|
||||
## Thanks
|
||||
- Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/)
|
||||
|
|