Browse Source

fixed payload encoders

psy 1 year ago
parent
commit
0edf044a23
1 changed files with 102 additions and 72 deletions
  1. 102 72
      core/main.py

+ 102 - 72
core/main.py

@@ -1125,7 +1125,7 @@ class xsser(EncoderDecoder, XSSerReporter):
             self.report("-"*45)
             self.report("\n[!] Hashing: \n")
             for key, value in self.hashed_injections.items():
-                if str(key) in dest_url:
+                if str(key) in str(dest_url):
                     if key not in current_hashes:
                         self.report(" [ " +key+" ] : [" , value + " ]")
                         self.final_hashes[key] = value
@@ -1145,50 +1145,60 @@ class xsser(EncoderDecoder, XSSerReporter):
                                 self.final_hashes[key] = value
                                 current_hashes.append(key)
                     else: # when using encoders (Str, Hex, Dec...)
-                        if "PAYLOAD" in payload["payload"]:
-                            payload_string = payload["payload"].replace("PAYLOAD", key)
-                        elif "VECTOR" in payload["payload"]:
-                            payload_string = payload["payload"].replace("VECTOR", key)
-                        elif "XSS" in payload["payload"]:
-                            payload_string = payload["payload"].replace("XSS", key)
-                        elif "X1S" in payload["payload"]:
-                            payload_string = payload["payload"].replace("X1S", key)
-                        if key not in current_hashes:
-                            self.report(" [ " +key+" ] : [" , value + " ]")
-                            self.final_hashes[key] = value
-                            current_hashes.append(key)
-                        hashed_payload = self.encoding_permutations(payload_string)
-                        if self.options.Cem:
-                            enc_perm = options.Cem.split(",")
-                            for e in enc_perm:
+                        if self.options.Str or self.options.Une or self.options.Mix or self.options.Dec or self.options.Hex or self.options.Hes or self.options.Cem:
+                            if "PAYLOAD" in payload["payload"]:
+                                payload_string = payload["payload"].replace("PAYLOAD", key)
+                            elif "VECTOR" in payload["payload"]:
+                                payload_string = payload["payload"].replace("VECTOR", key)
+                            elif "XSS" in payload["payload"]:
+                                payload_string = payload["payload"].replace("XSS", key)
+                            elif "X1S" in payload["payload"]:
+                                payload_string = payload["payload"].replace("X1S", key)
+                            if self.options.Cem:
+                                enc_perm = options.Cem.split(",")
+                                for e in enc_perm:
+                                    hashed_payload = self.encoding_permutations(payload_string)
+                                    if e == "Str":
+                                        hashed_payload = hashed_payload.replace(",", "%2C")
+                                        dest_url = dest_url.replace(",", "%2C")
+                                    if e == "Mix":
+                                        hashed_payload=urllib.parse.quote(hashed_payload)
+                                        dest_url = urllib.parse.quote(dest_url)
+                                    if e == "Dec":
+                                        hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                        dest_url = dest_url.replace("&#", "%26%23")
+                                    if e == "Hex":
+                                        hashed_payload = hashed_payload.replace("%", "%25")
+                                        dest_url = dest_url.replace("%", "%25")
+                                    if e == "Hes":
+                                        hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                        hashed_payload = hashed_payload.replace(";", "%3B")
+                                        dest_url = dest_url.replace("&#", "%26%23")
+                                        dest_url = dest_url.replace(";", "%3B")
+                            else:
                                 hashed_payload = self.encoding_permutations(payload_string)
-                                if e == "Str":
+                                if self.options.Str:
                                     hashed_payload = hashed_payload.replace(",", "%2C")
-                                if e == "Mix":
+                                    dest_url = dest_url.replace(",", "%2C")
+                                if self.options.Mix:
                                     hashed_payload=urllib.parse.quote(hashed_payload)
-                                if e == "Dec":
+                                    dest_url = urllib.parse.quote(dest_url)
+                                if self.options.Dec:
                                     hashed_payload = hashed_payload.replace("&#", "%26%23")
-                                if e == "Hex":
+                                    dest_url = dest_url.replace("&#", "%26%23")
+                                if self.options.Hex:
                                     hashed_payload = hashed_payload.replace("%", "%25")
-                                if e == "Hes":
+                                    dest_url = dest_url.replace("%", "%25")
+                                if self.options.Hes:
                                     hashed_payload = hashed_payload.replace("&#", "%26%23")
                                     hashed_payload = hashed_payload.replace(";", "%3B")
-                        else:
-                            if self.options.Str:
-                                hashed_payload = hashed_payload.replace(",", "%2C")
-                            if self.options.Mix:
-                                hashed_payload=urllib.parse.quote(hashed_payload)
-                            if self.options.Dec:
-                                hashed_payload = hashed_payload.replace("&#", "%26%23")
-                            if self.options.Hex:
-                                hashed_payload = hashed_payload.replace("%", "%25")
-                            if self.options.Hes:
-                                hashed_payload = hashed_payload.replace("&#", "%26%23")
-                                hashed_payload = hashed_payload.replace(";", "%3B")
-                        if str(hashed_payload) in str(dest_url):
-                            if key not in current_hashes:
-                                self.report(" [ " +key+" ] : [" , value + " ]")
-                                self.final_hashes[key] = value
+                                    dest_url = dest_url.replace("&#", "%26%23")
+                                    dest_url = dest_url.replace(";", "%3B")
+                            if str(hashed_payload) in str(dest_url):
+                                if key not in current_hashes:
+                                    self.report(" [ " +key+" ] : [" , value + " ]")
+                                    self.final_hashes[key] = value
+                                    current_hashes.append(key)
             if self.extra_hashed_injections:
                 for k, v in self.extra_hashed_injections.items():
                     payload_url = str(v[1])
@@ -1776,9 +1786,10 @@ class xsser(EncoderDecoder, XSSerReporter):
         current_hashes = [] # to check for ongoing hashes
         if payload['browser'] == "[Heuristic test]":
             for key, value in self.hashed_injections.items():
-                if key not in current_hashes:
-                    self.final_hashes[key] = value
-                    current_hashes.append(key)
+                if str(key) in dest_url:
+                    if key not in current_hashes:
+                        self.final_hashes[key] = value
+                        current_hashes.append(key)
         elif self.options.hash:
             for key, value in self.hashed_injections.items():
                 self.final_hashes[key] = value
@@ -1787,7 +1798,7 @@ class xsser(EncoderDecoder, XSSerReporter):
             self.report("-"*45)
             self.report("\n[!] Hashing: \n")
             for key, value in self.hashed_injections.items():
-                if str(key) in str(dest_url): # GET
+                if str(key) in str(dest_url):
                     if key not in current_hashes:
                         self.report(" [ " +key+" ] : [" , value + " ]")
                         self.final_hashes[key] = value
@@ -1807,40 +1818,60 @@ class xsser(EncoderDecoder, XSSerReporter):
                                 self.final_hashes[key] = value
                                 current_hashes.append(key)
                     else: # when using encoders (Str, Hex, Dec...)
-                        payload_string = payload["payload"].replace("PAYLOAD", key)
-                        hashed_payload = self.encoding_permutations(payload_string)
-                        if self.options.Cem:
-                            enc_perm = options.Cem.split(",")
-                            for e in enc_perm:
+                        if self.options.Str or self.options.Une or self.options.Mix or self.options.Dec or self.options.Hex or self.options.Hes or self.options.Cem:
+                            if "PAYLOAD" in payload["payload"]:
+                                payload_string = payload["payload"].replace("PAYLOAD", key)
+                            elif "VECTOR" in payload["payload"]:
+                                payload_string = payload["payload"].replace("VECTOR", key)
+                            elif "XSS" in payload["payload"]:
+                                payload_string = payload["payload"].replace("XSS", key)
+                            elif "X1S" in payload["payload"]:
+                                payload_string = payload["payload"].replace("X1S", key)
+                            if self.options.Cem:
+                                enc_perm = options.Cem.split(",")
+                                for e in enc_perm:
+                                    hashed_payload = self.encoding_permutations(payload_string)
+                                    if e == "Str":
+                                        hashed_payload = hashed_payload.replace(",", "%2C")
+                                        dest_url = dest_url.replace(",", "%2C")
+                                    if e == "Mix":
+                                        hashed_payload=urllib.parse.quote(hashed_payload)
+                                        dest_url = urllib.parse.quote(dest_url)
+                                    if e == "Dec":
+                                        hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                        dest_url = dest_url.replace("&#", "%26%23")
+                                    if e == "Hex":
+                                        hashed_payload = hashed_payload.replace("%", "%25")
+                                        dest_url = dest_url.replace("%", "%25")
+                                    if e == "Hes":
+                                        hashed_payload = hashed_payload.replace("&#", "%26%23")
+                                        hashed_payload = hashed_payload.replace(";", "%3B")
+                                        dest_url = dest_url.replace("&#", "%26%23")
+                                        dest_url = dest_url.replace(";", "%3B")
+                            else:
                                 hashed_payload = self.encoding_permutations(payload_string)
-                                if e == "Str":
+                                if self.options.Str:
                                     hashed_payload = hashed_payload.replace(",", "%2C")
-                                if e == "Mix":
+                                    dest_url = dest_url.replace(",", "%2C")
+                                if self.options.Mix:
                                     hashed_payload=urllib.parse.quote(hashed_payload)
-                                if e == "Dec":
+                                    dest_url = urllib.parse.quote(dest_url)
+                                if self.options.Dec:
                                     hashed_payload = hashed_payload.replace("&#", "%26%23")
-                                if e == "Hex":
+                                    dest_url = dest_url.replace("&#", "%26%23")
+                                if self.options.Hex:
                                     hashed_payload = hashed_payload.replace("%", "%25")
-                                if e == "Hes":
+                                    dest_url = dest_url.replace("%", "%25")
+                                if self.options.Hes:
                                     hashed_payload = hashed_payload.replace("&#", "%26%23")
                                     hashed_payload = hashed_payload.replace(";", "%3B")
-                        else:
-                            if self.options.Str:
-                                hashed_payload = hashed_payload.replace(",", "%2C")
-                            if self.options.Mix:
-                                hashed_payload=urllib.parse.quote(hashed_payload)
-                            if self.options.Dec:
-                                hashed_payload = hashed_payload.replace("&#", "%26%23")
-                            if self.options.Hex:
-                                hashed_payload = hashed_payload.replace("%", "%25")
-                            if self.options.Hes:
-                                hashed_payload = hashed_payload.replace("&#", "%26%23")
-                                hashed_payload = hashed_payload.replace(";", "%3B")
-                        if str(hashed_payload) in str(dest_url): 
-                            if key not in current_hashes:
-                                self.report(" [ " +key+" ] : [" , value + " ]")
-                                self.final_hashes[key] = value
-                                current_hashes.append(key)
+                                    dest_url = dest_url.replace("&#", "%26%23")
+                                    dest_url = dest_url.replace(";", "%3B")
+                            if str(hashed_payload) in str(dest_url):
+                                if key not in current_hashes:
+                                    self.report(" [ " +key+" ] : [" , value + " ]")
+                                    self.final_hashes[key] = value
+                                    current_hashes.append(key)
             if self.extra_hashed_injections:
                 for k, v in self.extra_hashed_injections.items():
                     payload_url = str(v[1])
@@ -2090,7 +2121,7 @@ class xsser(EncoderDecoder, XSSerReporter):
         elif str(curl_handle.info()["http-code"]) == "504":
             self.report("\n[Error] 504 Gateway Timeout: The server did not receive a timely response specified by the URI (try: --ignore-proxy)\n")
         elif str(curl_handle.info()["http-code"]) == "0":
-            self.report("\n[Error] XSSer (or your TARGET) is not working properly...\n\n - Firewall\n - Proxy\n - Target offline\n - [?] ...\n")
+            self.report("\n[Error] XSSer (or your TARGET) is not working properly...\n\n - Wrong URL\n - Firewall\n - Proxy\n - Target offline\n - [?] ...\n")
         else:
             self.report("\n[Error] Not injected!. Server responses with http-code different to: 200 OK (" + str(curl_handle.info()["http-code"]) + ")\n")
         if str(curl_handle.info()["http-code"]) == "404":
@@ -2445,7 +2476,7 @@ class xsser(EncoderDecoder, XSSerReporter):
                 self.report("")
             else:
                 self.report("-"*25)
-                self.report("\n[Error] XSSer (or your TARGET) is not working properly...\n\n - Firewall\n - Proxy\n - Target offline\n - [?] ...\n")
+                self.report("\n[Error] XSSer (or your TARGET) is not working properly...\n\n - Wrong URL\n - Firewall\n - Proxy\n - Target offline\n - [?] ...\n")
             return self.crawled_urls
 
         if not options.imx or not options.flash or not options.xsser_gtk or not options.update:
@@ -3092,7 +3123,6 @@ class xsser(EncoderDecoder, XSSerReporter):
                 self.coo_injection = self.coo_injection + 1
                 self.options.cookie = cookie
                 extra_cookie = cookie
-                self.extra_hashed_injections[hashing] = "COO", payload['payload']
         return extra_agent, extra_referer, extra_cookie
 
     def attack(self, urls, payloads, query_string):