swisskyrepo
/
DamnWebScanner
mirror of https://github.com/swisskyrepo/DamnWebScanner.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bugfix - POST scan was triggered by GET's forms

master
swisskyrepo 2016-12-30 00:41:57 +01:00
parent c200d4c77b
commit ebe71a4861
2 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Plugin/background.js
View File

@ -114,9 +114,9 @@ chrome.tabs.onUpdated.addListener(function(tabId,changeInfo, tab) {
post_data += (document.forms[i-1].elements[j].name+":"+document.forms[i-1].elements[j].value+"|");
}
// Send data to this plugin (POST Scan)
if(post_data != ''){
console.log(post_data);
// Send data to this plugin (POST Scan) - check the method, GET is already handle with onUpdated
if(post_data != '' && document.forms[i-1].method.toUpperCase() == 'POST'){
console.log(post_data);
chrome.runtime.sendMessage({type: "scan_plz", data:post_data, url:document.location.href, cookie:document.cookie}, function() {});
}
});

2
README.md
View File

@ -50,8 +50,6 @@ You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App
## TODO - Work in progress
- Should detect target in source code.. (list of targets, then launch scan)
- Should detect and work with POST requests
- all scans will be in another file, scans.py, (get_scan, post_scan)
- Do scan_rce/xss/bsqli for POST with data dict
## Thanks