以DVWA应用为目标,测试目标URL是否存在XSS漏洞,其基本思想是:
1. 利用session登录DVWA应用
2. 下载目标URL网页,并提取出表单以及input等名称
3. 构造请求,并将XSS测试语句作为表单的提交内容
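"""Probe the forms of a DVWA page for reflected XSS.

Logs in to DVWA with a ``requests`` session, fetches the target page, fills
every form field with a candidate payload and reports the first payload that
comes back verbatim in the response.  A verbatim echo only shows that output
encoding is missing for that field; confirm any hit by hand before reporting
it, and remember that on a *stored* XSS page earlier submissions stay in the
page and can be matched by a later payload.
"""
import sys
from urllib.parse import urljoin

import requests
from lxml import etree


class XSSTester:
    """Submit XSS test strings through the forms of one DVWA page.

    Args:
        target_url: Page whose forms are tested.
        login_url: DVWA ``login.php`` endpoint (defaults to the lab instance
            used by this script).
        username: DVWA account name (DVWA's default account).
        password: Password for that account.

    The constructor terminates the process with exit status 1 when the
    login does not succeed, so a failed authentication is never mistaken
    for "no XSS found".
    """

    LOGIN_URL = 'http://192.168.140.137/dvwa/login.php'
    BANNER = """
******************************************************************
******************************************************************
                 XSS Test Tool by Jason Wong V1.0
******************************************************************
******************************************************************
"""

    def __init__(self, target_url: str, login_url: str = LOGIN_URL,
                 username: str = 'admin', password: str = 'password') -> None:
        self.banner()
        self.headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0',
        }
        self.sessions = requests.Session()
        credentials_data = {
            'username': username,
            'password': password,
            'Login': 'Login',
        }
        # NOTE(review): recent DVWA builds also expect a hidden user_token
        # field on login.php; fetch the login form first if this lab needs it.
        response = self.sessions.post(url=login_url, headers=self.headers,
                                      data=credentials_data)
        # A non-2xx answer or the "Login failed" page both mean the session
        # is not authenticated; the original script only looked at the text
        # and exited with status 0, which hid the failure from callers.
        if not response.ok or "Login failed" in response.text:
            print("Failed to authenticate")
            sys.exit(1)
        self.target_url = target_url

    def banner(self) -> None:
        """Print the tool banner."""
        print(self.BANNER)

    @staticmethod
    def _form_fields(form, payload: str) -> dict[str, str]:
        """Build the submission dict for one ``<form>`` element.

        Every named input receives *payload*, except that submit buttons keep
        their own value and hidden fields (for example CSRF tokens) are passed
        through unchanged so the server does not reject the request before the
        payload is ever rendered.  Inputs without a ``name`` are skipped, as a
        browser would not submit them either; a missing ``type`` defaults to
        ``text`` as in HTML.  The first ``<textarea>``, if present, is filled
        with fixed text like the original script did.
        """
        data: dict[str, str] = {}
        for field in form.xpath('.//input'):
            names = field.xpath('./@name')
            if not names:
                continue
            kind = (field.xpath('./@type') or ['text'])[0].lower()
            own_value = field.xpath('./@value')
            if kind in ('submit', 'hidden') and own_value:
                data[names[0]] = own_value[0]
            else:
                data[names[0]] = payload
        text_areas = form.xpath('.//textarea')
        if text_areas:
            area_names = text_areas[0].xpath('./@name')
            if area_names:
                data[area_names[0]] = 'test data for text area'
        return data

    def xss_check(self, payload: str) -> bool:
        """Submit *payload* through every form on the target page.

        Returns True (after printing the finding) as soon as one response
        echoes the payload verbatim, False otherwise.  Only a verbatim echo
        is detected: a reflection that the server HTML-encoded does not match
        and is treated as safe.
        """
        page = self.sessions.get(url=self.target_url, headers=self.headers)
        html = etree.HTML(page.text)
        if html is None:  # empty or unparsable body: nothing to submit to
            return False
        for form in html.xpath('//form'):
            # HTML defaults the method to GET; compare case-insensitively
            # because templates write both "post" and "POST".
            method = (form.xpath('./@method') or ['get'])[0].lower()
            # Resolve relative/empty/"#" actions against the page URL instead
            # of handing them to requests as-is.
            action = urljoin(self.target_url,
                             (form.xpath('./@action') or [''])[0])
            data = self._form_fields(form, payload)
            if method == 'post':
                body = self.sessions.post(url=action, data=data,
                                          headers=self.headers).text
            else:
                body = self.sessions.get(url=action, params=data,
                                         headers=self.headers).text
            if payload in body:
                print("XSS vulnerability exists on the target URL: tested by payload %s" % payload)
                return True
        return False

    def run(self, payload_file: str = 'XssPayloads.txt') -> str | None:
        """Try each non-empty line of *payload_file* in turn.

        Blank lines are skipped: an empty payload is a substring of every
        response and would produce a false positive on the first blank line.
        Stops at the first payload that is echoed and returns it; returns
        None when nothing was reflected.
        """
        with open(payload_file, 'r', encoding='utf-8') as f:
            for line in f:
                payload = line.strip()
                if not payload:
                    continue
                if self.xss_check(payload):
                    return payload
        return None


if __name__ == "__main__":
    target_url = 'http://192.168.140.137/dvwa/vulnerabilities/xss_s/'
    xss_tester = XSSTester(target_url=target_url)
    if xss_tester.run() is None:
        print("No payload was reflected on the target URL")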