Bugfix - Flask Local 127.0.0.1 -> 0.0.0.0

master
swisskyrepo 2017-01-07 23:27:28 +01:00
parent 84ffc771a5
commit 944b7b0fc1
4 changed files with 11 additions and 7 deletions

View File

@ -41,6 +41,7 @@ If you have any trouble with Ghost you should have a look to the documentation :
chmod +x ./launch
./launch
```
Note: if Gunicorn fail you should launch the "server.py" instead
3 - Edit the server configuration in popup.js and background.js with your server's informations
```
var config_server = "http://127.0.0.1:8000";
@ -52,3 +53,7 @@ You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App
- Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/)
- Polyglot vector for XSS injection 1 [One vector to rule them all](http://www.thespanner.co.uk/2010/09/15/one-vector-to-rule-them-all/)
- Polyglot vector for XSS injection 2 [Unleashing an Ultimate XSS Polyglot](https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot)
# TODO
- Verify=False in requests..
- OpenURL redirect ?

View File

@ -1 +1 @@
gunicorn --workers=3 server:app --timeout 90
gunicorn --workers=3 server:app --timeout 360

View File

@ -12,7 +12,6 @@ Parameters: vulns - list of vulnerabilities, url - address of the target, fuzz -
"""
def scan_xss(method, vulns, url, fuzz, cookie, useragent, firefox, data):
payload = 'jaVasCript:alert(1)//" name=alert(1) onErrOr=eval(name) src=1 autofocus oNfoCus=eval(name)><marquee><img src=x onerror=alert(1)></marquee>" ></textarea\></|\><details/open/ontoggle=prompt`1` ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>\'-->" ></script><sCrIpt>confirm(1)</scRipt>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>\'"><!--'
print repr(fuzz),"fuzz"
try:
with firefox.start() as session:
@ -36,15 +35,15 @@ def scan_xss(method, vulns, url, fuzz, cookie, useragent, firefox, data):
# Detect XSS result with an alert
if result == '1':
print "\t\t\033[93mXSS Detected \033[0m for ", fuzz, " with the payload :", payload
print "\t\t\033[93mXSS Detected\033[0m for ", fuzz, " with the payload :", payload
vulns['xss'] += 1
vulns['list'] += 'XSS|TYPE|'+inject+'|DELIMITER|'
else:
print "\t\t\033[94mXSS Failed \033[0m for ", fuzz, " with the payload :", payload
except Exception, e:
if "alert" in str(e):
print "\t\t\033[93mXSS Detected \033[0m for ", fuzz, " with the payload :", payload
if "confirm" in str(e) : #or "alert" in str(e):
print "\t\t\033[93mXSS Detected (False positive ?)\033[0m for ", fuzz, " with the payload :", payload
inject = url + ":" + fuzz + ":" + payload
vulns['xss'] += 1
vulns['list'] += 'XSS|TYPE|'+inject+'|DELIMITER|'

View File

@ -103,4 +103,4 @@ def index():
return jsonify(vulns)
if __name__ == '__main__':
app.run(port=8000, threaded=True, passthrough_errors=False)
app.run(host='0.0.0.0', port=8000, threaded=True, passthrough_errors=False)