# -*- coding: utf-8 -*-
from gds.burp.api import IProxyResponseHandler, IRepeaterResponseHandler
from gds.burp.core import Component, implements
import re
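# Heuristic patterns for spotting DOM-based XSS candidates in response bodies.
# Source/sink lists are taken from:
# https://code.google.com/p/domxsswiki/wiki/FindingDOMXSS
#
# Both patterns are raw strings: the regex escapes they contain (\s, \W, \[,
# \], \+, \() are not valid Python string escapes, and newer interpreters warn
# about them in a non-raw literal. The compiled regex is unchanged.
#
# Sources: places where attacker-influenceable data enters script --
# `location.` / `location[`, property accesses such as `.cookie`, `.referrer`,
# `.innerHTML`, `.name`, `.opener`, and the storage objects. The alternatives
# are deliberately broad (e.g. `.name`, `.top`, `.self`) and will also match
# benign code, so a hit is a lead for review, not a confirmed finding.
DOM_XSS_SOURCE = re.compile(
    r'''(location\s*[\[.])|([.\[]\s*["']?\s*(arguments|dialogArguments|innerHTML|write(ln)?|open(Dialog)?|showModalDialog|cookie|URL|documentURI|baseURI|referrer|name|opener|parent|top|content|self|frames)\W)|(localStorage|sessionStorage|Database)'''
)

# Sinks: places where that data could be interpreted as markup, a URL or code --
# assignments (including `+=`) to `src` / `href` / `data` / `location` / `code` /
# `value` / `action`, and calls to `eval(`, `setTimeout(`, `setInterval(`,
# `execScript(`, `replace(`, `assign(`, `navigate(`, `open(`, etc.
DOM_XSS_SINK = re.compile(
    r'''((src|href|data|location|code|value|action)\s*["'\]]*\s*\+?\s*=)|((replace|assign|navigate|getResponseHeader|open(Dialog)?|showModalDialog|eval|evaluate|execCommand|execScript|setTimeout|setInterval)\s*["'\]]*\s*\()'''
)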
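class DomXssScanner(Component):
    """Log lines of a response that look like DOM XSS sources or sinks.

    The component registers as a proxy and a repeater response handler
    (``IProxyResponseHandler``, ``IRepeaterResponseHandler``). Each response
    body is scanned line by line against ``DOM_XSS_SOURCE`` and
    ``DOM_XSS_SINK``; every hit is logged at warning level with its 1-based
    line number and the stripped line text. The patterns are heuristics, so a
    hit is a candidate for manual review rather than a confirmed finding.
    """

    implements(IProxyResponseHandler, IRepeaterResponseHandler)

    def processResponse(self, request):
        """Scan ``request.response.body`` and log every source/sink match.

        Args:
            request: the framework's request object; only
                ``request.response.body`` is read.
                NOTE(review): assumed to be a text body that supports
                ``splitlines()`` -- confirm with the handler contract.

        Returns:
            None. Findings are reported only through ``self.log``.
        """
        # Line numbers are reported 1-based so they match what an editor or a
        # response viewer shows for the same body.
        for lineno, line in enumerate(request.response.body.splitlines(), 1):
            text = line.strip()
            if DOM_XSS_SOURCE.search(line):
                self.log.warn('DOM XSS Source identified (line %d): %s',
                              lineno, text)
            if DOM_XSS_SINK.search(line):
                self.log.warn('DOM XSS Sink identified (line %d): %s',
                              lineno, text)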