Ejemplo n.º 1
0
    def get(self):
        url = self.get_param('url', '', 'url')
        if url:
            self.set_template_value('url', url)
            self.set_template_value('title', 'DOM XSS Scanner - Scan %s' % url)
            response = HTTP().request(url)
            if response:
                content = response.content
                encoding = False
                dxs = DOMXSS()

                # try to determine charset from request headers
                ctype = response.headers['content-type'].strip()
                pos = ctype.find('charset=')
                if pos > 0:
                    encoding = ctype[pos + 8:len(ctype)].lower()

                if ctype.startswith('text/html') or ctype.startswith(
                        'text/xml'):
                    # try to determine charset from html if not set before
                    if not encoding:
                        encoding = dxs.get_charset_from_html(content)
                    script_urls = dxs.get_script_urls(url, content)
                    self.set_template_value('script_urls',
                                            json.dumps(script_urls))

                if not encoding:
                    encoding = 'utf-8'

                response_text = content.decode(encoding, 'ignore')
                self.set_template_value('response_text', response_text)

                if self.is_ajax():
                    self.generate('text/javascript', 'response.html')
                else:
                    self.generate('text/html', 'scan.html')

            else:
                self.set_template_value(
                    'error', 'Error: Supplied URL could not be fetched.')
                self.generate('text/html', 'error.html')

        else:
            self.set_template_value('error',
                                    'Error: Supplied URL is not valid.')
            self.generate('text/html', 'error.html')
Ejemplo n.º 2
0
 def setUp(self):
     self.dxs = DOMXSS()
     self.url = 'http://localhost:8080/'