Zaiflikni aniqlash uchun payloads yuborish.
""
Zaiflikni aniqlash uchun boshlanishiga juda sodda, yuqorida ko’rsatilgan scriptni yuborib ko’ramiz.
def test_xss_in_link(self, url):
xss_test_script = ""
url = url.replace("=", "=" + xss_test_script)
response = self.session.get(url)
return xss_test_script in response.content
def test_xss_in_form(self, form, url):
xss_test_script = ""
response = self.submit_from(form, xss_test_script, url)
return xss_test_script in response.content
Web sayt zaifligini aniqlash uchun javoblarni tahlil qilish
def run_scanner(self):
for link in self.target_links:
forms = self.extract_forms(link)
for form in forms:
print("[+] Testing form in " + link)
is_vulnerable_to_xss = self.test_xss_in_link(link)
if is_vulnerable_to_xss:
print("\n\n[***] XSS zaiflik aniqlandi " + link)
print(form)
if "=" in link:
print("[+] Testing " + link)
is_vulnerable_to_xss = self.test_xss_in_link(link)
if is_vulnerable_to_xss:
print("[***] XSS zaiflik aniqlandi " + link)
run_scanner metodimizni ham takomillashtirdik. Endilikda XSS zaiflik aniqlanganda bizga xabar beradi.
Kodimizni ishga tushiramiz
Quyida dastur kodini ilova qilaman:
#!/usr/bin/env python
import requests
import re
import urlparse
from bs4 import BeautifulSoup
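class Scanner:
    """Crawl a target site and probe its links and forms for reflected XSS.

    ``crawl`` fills ``target_links`` with the in-scope URLs it finds;
    ``run_scanner`` then probes each collected URL and every form on it and
    prints the ones whose response echoes the probe back verbatim.
    """

    # NOTE(review): the probe literal is empty ("") in the listing on this
    # page, presumably because the original markup was stripped during
    # extraction. An empty probe is contained in every response, so every
    # link and form would be reported. The value below is a constructed,
    # non-executing marker: its angle brackets come back verbatim only when
    # input is echoed without HTML-encoding.
    XSS_PROBE = "<xss-probe-constructed-marker>"

    def __init__(self, url, ignore_links):
        """Create a scanner for ``url``.

        Args:
            url: base URL of the target; also used as the crawl scope prefix.
            ignore_links: URLs the crawler must never visit (for example a
                logout link that would end the authenticated session).
        """
        self.session = requests.Session()
        self.target_url = url
        self.target_links = []
        self.links_to_ignore = ignore_links

    def extract_links_from(self, url):
        """Fetch ``url`` and return the value of every double-quoted href."""
        response = self.session.get(url)
        # Match on decoded text so the hrefs can be joined with a text URL.
        return re.findall('(?:href=")(.*?)"', response.text)

    def crawl(self, url=None):
        """Recursively collect in-scope links, starting from ``url``.

        Starts from ``self.target_url`` when ``url`` is None. Each new link
        is appended to ``self.target_links``, printed and crawled in turn.
        """
        if url is None:
            url = self.target_url
        # NOTE: urlparse is the Python 2 module name this file imports.
        for link in self.extract_links_from(url):
            link = urlparse.urljoin(url, link)
            if "#" in link:
                # Fragments address the same document; drop them.
                link = link.split("#")[0]

            # Scope check: the link must begin with the target URL. A plain
            # substring test would also accept foreign hosts that merely
            # carry the target URL inside a query string.
            in_scope = link.startswith(self.target_url)
            already_seen = link in self.target_links
            # Each membership test is spelled out; a chained
            # "a not in b not in c" compares b against c, not a against c,
            # and would leave the ignore list without effect.
            ignored = link in self.links_to_ignore
            if in_scope and not already_seen and not ignored:
                self.target_links.append(link)
                print(link)
                self.crawl(link)

    def extract_forms(self, url):
        """Fetch ``url`` and return all <form> elements parsed from it."""
        response = self.session.get(url)
        parsed_html = BeautifulSoup(response.content, 'html.parser')
        return parsed_html.find_all("form")

    def submit_from(self, form, value, url):
        """Submit ``form`` with ``value`` placed in its text inputs.

        Args:
            form: parsed form element (supports ``get`` and ``find_all``).
            value: string written into every text input.
            url: URL of the page holding the form; the form action is
                resolved against it.

        Returns:
            The response to the POST or GET submission.
        """
        print(form)
        action = form.get("action")
        post_url = urlparse.urljoin(url, action)
        print(post_url)
        # HTML attribute values are case-insensitive: method="POST" must
        # not fall through to a GET submission.
        method = (form.get("method") or "").lower()

        post_data = {}
        for field in form.find_all("input"):
            field_name = field.get("name")
            if not field_name:
                # Unnamed controls are not part of a form submission.
                continue
            # An input without a type attribute is a text field.
            field_type = (field.get("type") or "text").lower()
            field_value = field.get("value")
            if field_type == "text":
                field_value = value
            post_data[field_name] = field_value

        if method == 'post':
            return self.session.post(post_url, data=post_data)
        return self.session.get(post_url, params=post_data)

    def run_scanner(self):
        """Probe every collected link and each form found on it."""
        for link in self.target_links:
            for form in self.extract_forms(link):
                print("[+] Testing form in " + link)
                # Submit the form itself: probing the link here would leave
                # forms untested and report link results against the form.
                if self.test_xss_in_form(form, link):
                    print("\n\n[***] XSS zaiflik aniqlandi " + link)
                    print(form)

            # Only URLs that carry a parameter can be probed in place.
            if "=" in link:
                print("[+] Testing " + link)
                if self.test_xss_in_link(link):
                    print("[***] XSS zaiflik aniqlandi " + link)

    def test_xss_in_link(self, url):
        """Return True if the probe, injected after each "=", is reflected."""
        xss_test_script = self.XSS_PROBE
        url = url.replace("=", "=" + xss_test_script)
        response = self.session.get(url)
        # Decoded text: a text probe cannot be searched for in raw bytes on
        # Python 3. A match is an indicator to confirm by hand.
        return xss_test_script in response.text

    def test_xss_in_form(self, form, url):
        """Return True if the probe, submitted through ``form``, is reflected."""
        xss_test_script = self.XSS_PROBE
        response = self.submit_from(form, xss_test_script, url)
        return xss_test_script in response.text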
Xulosa
Web saytdagi zaiflikni topishni avtomatlashtirish uchun biz, avvalambor, Web sayt haqida ma’lumot yig’ib, sayt xaritasini tuzib chiqishimiz kerak ekan.
Web saytlardagi zaifliklar qanday zaiflik bo’lishidan qat’i nazar, umumiy bosqichlar bir xil ekan. Biz yozgan dastur deyarli universal bo’ldi. Keyinchalik biz yana boshqa zaiflik haqida eshitib qolsak, uni o’rganib, osonlikcha kodimizga qo’shib qo’ya olar ekanmiz. Masalan, SQL injection zaifligini aniqlash uchun kodimizga biroz qo’shimcha kiritsak yetarli bo’lar ekan.
Foydalanilgan adabiyotlar
Metasploit: The Penetration Tester's Guide (David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni)
https://cwgsecurity.uz/
https://fork-portal.ru/
|