Bugfix - POST scan was triggered by GET's forms
parent
c200d4c77b
commit
ebe71a4861
|
@ -114,9 +114,9 @@ chrome.tabs.onUpdated.addListener(function(tabId,changeInfo, tab) {
|
|||
post_data += (document.forms[i-1].elements[j].name+":"+document.forms[i-1].elements[j].value+"|");
|
||||
}
|
||||
|
||||
// Send data to this plugin (POST Scan)
|
||||
if(post_data != ''){
|
||||
console.log(post_data);
|
||||
// Send data to this plugin (POST Scan) - check the method, GET is already handle with onUpdated
|
||||
if(post_data != '' && document.forms[i-1].method.toUpperCase() == 'POST'){
|
||||
console.log(post_data);
|
||||
chrome.runtime.sendMessage({type: "scan_plz", data:post_data, url:document.location.href, cookie:document.cookie}, function() {});
|
||||
}
|
||||
});
|
||||
|
|
|
@ -50,8 +50,6 @@ You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App
|
|||
|
||||
## TODO - Work in progress
|
||||
- Should detect target in source code.. (list of targets, then launch scan)
|
||||
- Should detect and work with POST requests
|
||||
- all scans will be in another file, scans.py, (get_scan, post_scan)
|
||||
- Do scan_rce/xss/bsqli for POST with data dict
|
||||
|
||||
## Thanks
|
||||
|
|
Loading…
Reference in New Issue