Bugfix - Flask Local 127.0.0.1 -> 0.0.0.0

2017-01-07 23:27:28 +01:00 · 2017-01-07 23:27:28 +01:00 · 944b7b0fc1
parent 84ffc771a5
commit 944b7b0fc1
4 changed files with 11 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -41,6 +41,7 @@ If you have any trouble with Ghost you should have a look to the documentation :
 chmod +x ./launch
 ./launch
 ```
+Note: if Gunicorn fail you should launch the "server.py" instead
 3 - Edit the server configuration in popup.js and background.js with your server's informations
 ```
 var config_server = "http://127.0.0.1:8000";
@ -51,4 +52,8 @@ You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App
 ## Thanks
 - Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/)
 - Polyglot vector for XSS injection 1 [One vector to rule them all](http://www.thespanner.co.uk/2010/09/15/one-vector-to-rule-them-all/)
- Polyglot vector for XSS injection 2 [Unleashing an Ultimate XSS Polyglot](https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot)
+- Polyglot vector for XSS injection 2 [Unleashing an Ultimate XSS Polyglot](https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot)
+
+# TODO
+- Verify=False in requests..
+- OpenURL redirect ?
--- a/Server/launch.sh
+++ b/Server/launch.sh
@ -1 +1 @@
-gunicorn --workers=3 server:app --timeout 90
+gunicorn --workers=3 server:app --timeout 360
--- a/Server/scans.py
+++ b/Server/scans.py
@ -12,7 +12,6 @@ Parameters: vulns - list of vulnerabilities, url - address of the target, fuzz -
 """
 def scan_xss(method, vulns, url, fuzz, cookie, useragent, firefox, data):
 	payload = 'jaVasCript:alert(1)//" name=alert(1) onErrOr=eval(name) src=1 autofocus oNfoCus=eval(name)><marquee><img src=x onerror=alert(1)></marquee>" ></textarea\></|\><details/open/ontoggle=prompt`1` ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>\'-->" ></script><sCrIpt>confirm(1)</scRipt>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>\'"><!--'
-	print repr(fuzz),"fuzz"
 	try:	
 		with firefox.start() as session:

@ -36,15 +35,15 @@ def scan_xss(method, vulns, url, fuzz, cookie, useragent, firefox, data):

 			# Detect XSS result with an alert
 			if result == '1':
-				print "\t\t\033[93mXSS Detected \033[0m for ", fuzz, " with the payload :", payload
+				print "\t\t\033[93mXSS Detected\033[0m for ", fuzz, " with the payload :", payload
 				vulns['xss']  += 1
 				vulns['list'] += 'XSS|TYPE|'+inject+'|DELIMITER|'
 			else:
 				print "\t\t\033[94mXSS Failed \033[0m for ", fuzz, " with the payload :", payload

 	except Exception, e:
-		if "alert" in str(e):
-			print "\t\t\033[93mXSS Detected \033[0m for ", fuzz, " with the payload :", payload
+		if "confirm" in str(e) : #or "alert" in str(e):
+			print "\t\t\033[93mXSS Detected (False positive ?)\033[0m for ", fuzz, " with the payload :", payload
 			inject = url + ":" + fuzz + ":" + payload
 			vulns['xss']  += 1
 			vulns['list'] += 'XSS|TYPE|'+inject+'|DELIMITER|'
--- a/Server/server.py
+++ b/Server/server.py
@ -103,4 +103,4 @@ def index():
 	return jsonify(vulns)

 if __name__ == '__main__':
-	app.run(port=8000, threaded=True, passthrough_errors=False)
+	app.run(host='0.0.0.0', port=8000, threaded=True, passthrough_errors=False)