class Pentest::XssChecker
Constants
- CRACKER_PAYLOAD
- XSS_PAYLOADS
Public Class Methods
new(endpoint, params)
Calls superclass method
Pentest::BaseChecker::new
# File lib/pentest/checkers/xss_checker.rb, line 14
# Builds the checker for one endpoint. All setup is delegated to
# Pentest::BaseChecker#initialize; this class adds no state of its own here.
#
# @param endpoint [Object] the endpoint under test (handed straight to the base class)
# @param params [Object] the endpoint's parameters (handed straight to the base class)
def initialize(endpoint, params)
  super
end
Public Instance Methods
attack(param, injection_point, ingredients)
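# File lib/pentest/checkers/xss_checker.rb, line 18
# Runs the pre-attack probe for one injection point: dispatches each generated
# payload, collects the normalized transport errors, and stops at the first
# response whose HTML parse errors carry the marker (see is_critical_error).
#
# @param param [Object] not read here; payloads are built from @params
# @param injection_point [Integer] index in the value list where CRACKER_PAYLOAD is inserted
# @param ingredients [Array] seed values passed to generate_preattack_payloads
# @return [Array] two elements: the flagged Pentest::Payload (or nil when no
#   response was flagged) and one normalize_error result per request sent
def attack(param, injection_point, ingredients)
  preattack_payloads = generate_preattack_payloads(@params, ingredients, injection_point)
  errors = []
  penetrated_payload = nil
  # Order is randomized so repeated runs do not always lead with the same payload.
  preattack_payloads.shuffle.each do |payload|
    _request, response, err = dispatch(payload)
    # NOTE(review): assumes dispatch always yields a response object even when err
    # is set; if response can be nil, .status/.body below raise NoMethodError — confirm.
    status = get_status(err) || response.status
    # Explicit parentheses: `put_progress (x).to_s` relied on Ruby's whitespace-sensitive parse.
    Pentest::Logger.put_progress((status / 100).to_s)
    errors << normalize_error(err, payload)
    document = Nokogiri::HTML(response.body)
    document_errors = document.errors.select { |e| is_critical_error(e) }
    next if document_errors.empty?

    # A parse error whose text contains the marker (presumably a token inside
    # CRACKER_PAYLOAD — confirm) is taken as evidence that the value reached the
    # HTML without encoding; record the excerpt on the payload and stop probing.
    payload.penetration_type = 'Cross-Site Scripting Vulnerability'
    payload.penetration_confidence = :preattack
    payload.penetration_message = report_errors(response.body, document_errors)
    penetrated_payload = payload
    break
  end
  [penetrated_payload, errors]
end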
generate_preattack_payloads(params, seeds, injection_point)
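# File lib/pentest/checkers/xss_checker.rb, line 46
# Builds the pre-attack payload set for one injection point.
#
# Every payload carries CRACKER_PAYLOAD at injection_point; the remaining
# parameter slots are filled from seeds — nothing when there is only one
# parameter, each seed on its own when there are two, and a Pairwise
# combination set otherwise. The result is capped so a wide parameter set
# does not turn into an unbounded number of requests.
#
# @param params [Array] the endpoint's parameters (their count picks the fill strategy)
# @param seeds [Array] candidate values for the non-injected slots
# @param injection_point [Integer] index at which CRACKER_PAYLOAD is inserted
# @param limit [Integer] maximum number of payloads returned (default keeps the original 50)
# @return [Array<Pentest::Payload>]
def generate_preattack_payloads(params, seeds, injection_point, limit: 50)
  fill_slots = params.size - 1
  values_list =
    if fill_slots <= 0
      [[]]
    elsif fill_slots == 1
      seeds.map { |seed| [seed] }
    else
      Pairwise.combinations(*([seeds] * fill_slots))
    end
  # Cap before constructing Payload objects so only the returned entries are built.
  values_list.take(limit).map do |values|
    values.insert(injection_point, CRACKER_PAYLOAD)
    Pentest::Payload.new(
      params: params,
      route: @route,
      values: values,
      injection_point: injection_point,
      injection: CRACKER_PAYLOAD,
    )
  end
end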
Private Instance Methods
is_critical_error(error)
# File lib/pentest/checkers/xss_checker.rb, line 70
# Returns the offset of the marker token in the parse error's text, or nil
# when the error does not mention it. The token is presumably the one embedded
# in CRACKER_PAYLOAD — confirm against that constant.
#
# @param error [Object] anything responding to #to_s (Nokogiri syntax errors in practice)
# @return [Integer, nil] truthy only when the marker is present
def is_critical_error(error)
  error.to_s.index(/xzyxz/)
end
report_errors(body, errors)
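# File lib/pentest/checkers/xss_checker.rb, line 74
# Formats parse errors as a human-readable excerpt: the error text, the
# offending line of the response body, and a caret under the reported column.
# Error blocks are separated by a blank line.
#
# @param body [String] the raw response body the errors were reported against
# @param errors [Array] objects responding to #to_s, #line (1-based) and #column (1-based)
# @return [String] empty when errors is empty
def report_errors(body, errors)
  body_lines = body.lines
  errors.map do |error|
    # Line/column come from the parser and may fall outside the body (line 0,
    # past the last line, column 0); degrade to an empty excerpt instead of
    # raising on nil.rstrip or a negative String#* count.
    line_no = error.line.to_i
    excerpt = line_no.positive? ? body_lines[line_no - 1].to_s.rstrip : ''
    caret = (' ' * [error.column.to_i - 1, 0].max) + '^'
    [error.to_s, excerpt, caret].join("\n")
  end.join("\n\n")
end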