class Pentest::XssChecker

Constants

CRACKER_PAYLOAD
XSS_PAYLOADS

Public Class Methods

Calls superclass method Pentest::BaseChecker::new
# File lib/pentest/checkers/xss_checker.rb, line 14
# Construction is delegated entirely to Pentest::BaseChecker; this checker
# adds no state of its own. Bare +super+ forwards the same two arguments.
def initialize(endpoint, params)
  super
end

Public Instance Methods

# File lib/pentest/checkers/xss_checker.rb, line 18
# Runs the pre-attack XSS probe against the endpoint.
#
# Each candidate payload (built from @params and +ingredients+, with the
# probe value at +injection_point+) is dispatched in random order. The
# response body is parsed with Nokogiri::HTML and any parse error that
# is_critical_error accepts is taken as evidence that the injected value
# broke the page's markup; the first such payload is annotated and returned.
# This is a heuristic: parser errors can have causes other than injection,
# so the result is marked with :preattack confidence only.
#
# @param param unused here; kept for interface compatibility with other checkers
# @param injection_point [Integer] parameter slot that receives the probe value
# @param ingredients [Array] seed values for the remaining parameters
# @return [Array(Pentest::Payload, Array)] the penetrating payload (or nil) and
#   the normalized errors collected for every payload that was dispatched
def attack(param, injection_point, ingredients)
  candidates = generate_preattack_payloads(@params, ingredients, injection_point)
  errors = []

  hit = candidates.shuffle.find do |payload|
    _request, response, err = dispatch(payload)
    # NOTE(review): assumes dispatch yields a response whenever get_status(err)
    # is nil — confirm, otherwise response.status raises here.
    status = get_status(err) || response.status
    # Integer division: only the status class (2, 4, 5, ...) is reported.
    Pentest::Logger.put_progress((status / 100).to_s)

    errors << normalize_error(err, payload)
    critical = Nokogiri::HTML(response.body).errors.select { |e| is_critical_error(e) }
    next false if critical.empty?

    payload.penetration_type = 'Cross-Site Scripting Vulnerability'
    payload.penetration_confidence = :preattack
    payload.penetration_message = report_errors(response.body, critical)
    true
  end

  [hit, errors]
end
# File lib/pentest/checkers/xss_checker.rb, line 46
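# Builds the candidate payloads for the pre-attack probe.
#
# One parameter slot (at +injection_point+) always receives CRACKER_PAYLOAD;
# the other +params.size - 1+ slots are filled from +seeds+: no other slots
# gives a single empty value set, exactly one gives one value set per seed,
# more gives Pairwise.combinations over one copy of +seeds+ per slot.
#
# @param params [Array] the request parameters each payload covers
# @param seeds [Array] candidate values for the non-injected parameters
# @param injection_point [Integer] index at which CRACKER_PAYLOAD is inserted
# @param limit [Integer] maximum number of payloads returned (default 50,
#   the value that was previously hard-coded)
# @return [Array<Pentest::Payload>] payloads routed via @route
def generate_preattack_payloads(params, seeds, injection_point, limit: 50)
  others = params.size - 1
  values_list = if others <= 0
    [[]]
  elsif others == 1
    seeds.map { |s| [s] }
  else
    Pairwise.combinations(*([seeds] * others))
  end

  # Cap before building Payload objects so value sets that would be
  # discarded anyway are never constructed or touched.
  values_list.take(limit).map do |values|
    # dup so the arrays handed back by Pairwise (or the caller) are not
    # mutated in place.
    # NOTE(review): Array#insert pads with nil when injection_point exceeds
    # values.size — confirm the caller always passes an in-range index.
    injected = values.dup.insert(injection_point, CRACKER_PAYLOAD)

    Pentest::Payload.new(
      params: params,
      route: @route,
      values: injected,
      injection_point: injection_point,
      injection: CRACKER_PAYLOAD,
    )
  end
end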

Private Instance Methods

# File lib/pentest/checkers/xss_checker.rb, line 70
# Whether a parser error is attributable to the probe.
#
# Matches the error text against the marker +xzyxz+ (presumably the sentinel
# carried by CRACKER_PAYLOAD — its value is defined elsewhere in the file).
#
# @param error [#to_s] a Nokogiri parse error
# @return [Integer, nil] offset of the marker in the error text, or nil
def is_critical_error(error)
  error.to_s.index(/xzyxz/)
end
# File lib/pentest/checkers/xss_checker.rb, line 74
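# Formats parser errors into the human-readable penetration message.
#
# For each error: its text, the offending line of +body+ (trailing
# whitespace stripped) and a caret under the reported column. Entries are
# separated by a blank line.
#
# @param body [String] the response body that was parsed
# @param errors [Array<#line, #column, #to_s>] parser errors with 1-based
#   line/column, as Nokogiri reports them
# @return [String] empty when +errors+ is empty
def report_errors(body, errors)
  body_lines = body.lines

  error_strings = errors.map do |error|
    # Guard against out-of-range positions: a line past the end of the body,
    # or a zero/negative line (which as a negative index would silently wrap
    # to the last line), yields an empty source line instead of raising on
    # nil.rstrip; a column <= 1 puts the caret in column 0 instead of raising
    # on String#* with a negative count.
    line_index = error.line - 1
    source_line = line_index >= 0 ? (body_lines[line_index] || '') : ''
    caret = ' ' * [error.column - 1, 0].max + '^'

    [error.to_s, source_line.rstrip, caret].join("\n")
  end

  error_strings.join("\n\n")
end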