def test_test_referer_injection(self, get_request_vuln): xss_info = xss.test_referer_injection("<html></html>", "https://example.com/", {})[0] expected_xss_info = xss.XSSData( 'https://example.com/', 'Referer', '<script>alert(0)</script>', '1029zxcs\\\'d"ao<ac>so[sb]po(pc)se;sl/bsl\\\\eq=3847asd') sqli_info = xss.test_referer_injection("<html></html>", "https://example.com/", {})[1] assert xss_info == expected_xss_info assert sqli_info is None
def test_test_query_injection(self, monkeypatch): monkeypatch.setattr(requests, 'get', self.mocked_requests_vuln) xss_info = xss.test_query_injection("<html></html>", "https://example.com/vuln.php?cmd=ls", {})[0] expected_xss_info = xss.XSSData('https://example.com/vuln.php?cmd=1029zxcs\'d"ao<ac>so[sb]po(pc)se;sl/bsl\\eq=3847asd', 'Query', '<script>alert(0)</script>', '1029zxcs\\\'d"ao<ac>so[sb]po(pc)se;sl/bsl\\\\eq=3847asd') sqli_info = xss.test_query_injection("<html></html>", "https://example.com/vuln.php?cmd=ls", {})[1] assert xss_info == expected_xss_info assert sqli_info is None
def test_test_end_of_url_injection(self, monkeypatch): monkeypatch.setattr(requests, 'get', self.mocked_requests_vuln) xss_info = xss.test_end_of_URL_injection("<html></html>", "https://example.com/index.html", {})[0] expected_xss_info = xss.XSSData('https://example.com/index.html/1029zxcs\'d"ao<ac>so[sb]po(pc)se;sl/bsl\\eq=3847asd', 'End of URL', '<script>alert(0)</script>', '1029zxcs\\\'d"ao<ac>so[sb]po(pc)se;sl/bsl\\\\eq=3847asd') sqli_info = xss.test_end_of_URL_injection("<html></html>", "https://example.com/", {})[1] assert xss_info == expected_xss_info assert sqli_info is None
def test_log_XSS_data(self, logger): xss.log_XSS_data(None) assert logger.args == [] # self, url: str, injection_point: str, exploit: str, line: str xss.log_XSS_data( xss.XSSData('https://example.com', 'Location', 'String', 'Line of HTML')) assert logger.args[0] == '===== XSS Found ====' assert logger.args[1] == 'XSS URL: https://example.com' assert logger.args[2] == 'Injection Point: Location' assert logger.args[3] == 'Suggested Exploit: String' assert logger.args[4] == 'Line: Line of HTML'
def test_get_XSS_info(self): # First type of exploit: <script>PAYLOAD</script> # Exploitable: xss_info = xss.get_XSS_data( b"<html><script>%s</script><html>" % xss.FULL_PAYLOAD, "https://example.com", "End of URL") expected_xss_info = xss.XSSData( 'https://example.com', "End of URL", '</script><script>alert(0)</script><script>', xss.FULL_PAYLOAD.decode('utf-8')) assert xss_info == expected_xss_info xss_info = xss.get_XSS_data( b"<html><script>%s</script><html>" % xss.FULL_PAYLOAD.replace(b"'", b"%27").replace(b'"', b"%22"), "https://example.com", "End of URL") expected_xss_info = xss.XSSData( "https://example.com", "End of URL", '</script><script>alert(0)</script><script>', xss.FULL_PAYLOAD.replace(b"'", b"%27").replace(b'"', b"%22").decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable: xss_info = xss.get_XSS_data( b"<html><script>%s</script><html>" % xss.FULL_PAYLOAD.replace( b"'", b"%27").replace(b'"', b"%22").replace(b"/", b"%2F"), "https://example.com", "End of URL") assert xss_info is None # Second type of exploit: <script>t='PAYLOAD'</script> # Exploitable: xss_info = xss.get_XSS_data( b"<html><script>t='%s';</script></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace( b">", b"%3E").replace(b"\"", b"%22"), "https://example.com", "End of URL") expected_xss_info = xss.XSSData( "https://example.com", "End of URL", "';alert(0);g='", xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E").replace( b"\"", b"%22").decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable: xss_info = xss.get_XSS_data( b"<html><script>t='%s';</script></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace( b"\"", b"%22").replace(b"'", b"%22"), "https://example.com", "End of URL") assert xss_info is None # Third type of exploit: <script>t="PAYLOAD"</script> # Exploitable: xss_info = xss.get_XSS_data( b"<html><script>t=\"%s\";</script></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace( b">", b"%3E").replace(b"'", b"%27"), "https://example.com", "End of URL") expected_xss_info = xss.XSSData( "https://example.com", "End of URL", '";alert(0);g="', xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E").replace( b"'", b"%27").decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable: xss_info = xss.get_XSS_data( b"<html><script>t=\"%s\";</script></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace( b"'", b"%27").replace(b"\"", b"%22"), "https://example.com", "End of URL") assert xss_info is None # Fourth type of exploit: <a href='PAYLOAD'>Test</a> # Exploitable: xss_info = xss.get_XSS_data( b"<html><a href='%s'>Test</a></html>" % xss.FULL_PAYLOAD, "https://example.com", "End of URL") expected_xss_info = xss.XSSData("https://example.com", "End of URL", "'><script>alert(0)</script>", xss.FULL_PAYLOAD.decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable: xss_info = xss.get_XSS_data( b"<html><a href='OtherStuff%s'>Test</a></html>" % xss.FULL_PAYLOAD.replace(b"'", b"%27"), "https://example.com", "End of URL") assert xss_info is None # Fifth type of exploit: <a href="PAYLOAD">Test</a> # Exploitable: xss_info = xss.get_XSS_data( b"<html><a href=\"%s\">Test</a></html>" % xss.FULL_PAYLOAD.replace(b"'", b"%27"), "https://example.com", "End of URL") expected_xss_info = xss.XSSData( "https://example.com", "End of URL", "\"><script>alert(0)</script>", xss.FULL_PAYLOAD.replace(b"'", b"%27").decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable: xss_info = xss.get_XSS_data( b"<html><a href=\"OtherStuff%s\">Test</a></html>" % xss.FULL_PAYLOAD.replace(b"'", b"%27").replace(b"\"", b"%22"), "https://example.com", "End of URL") assert xss_info is None # Sixth type of exploit: <a href=PAYLOAD>Test</a> # Exploitable: xss_info = xss.get_XSS_data( b"<html><a href=%s>Test</a></html>" % xss.FULL_PAYLOAD, "https://example.com", "End of URL") expected_xss_info = xss.XSSData("https://example.com", "End of URL", "><script>alert(0)</script>", xss.FULL_PAYLOAD.decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable xss_info = xss.get_XSS_data( b"<html><a href=OtherStuff%s>Test</a></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace( b">", b"%3E").replace(b"=", b"%3D"), "https://example.com", "End of URL") assert xss_info is None # Seventh type of exploit: <html>PAYLOAD</html> # Exploitable: xss_info = xss.get_XSS_data( b"<html><b>%s</b></html>" % xss.FULL_PAYLOAD, "https://example.com", "End of URL") expected_xss_info = xss.XSSData("https://example.com", "End of URL", "<script>alert(0)</script>", xss.FULL_PAYLOAD.decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable xss_info = xss.get_XSS_data( b"<html><b>%s</b></html>" % xss.FULL_PAYLOAD.replace( b"<", b"%3C").replace(b">", b"%3E").replace(b"/", b"%2F"), "https://example.com", "End of URL") assert xss_info is None # Eighth type of exploit: <a href=PAYLOAD>Test</a> # Exploitable: xss_info = xss.get_XSS_data( b"<html><a href=%s>Test</a></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E"), "https://example.com", "End of URL") expected_xss_info = xss.XSSData( "https://example.com", "End of URL", "Javascript:alert(0)", xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E").decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable: xss_info = xss.get_XSS_data( b"<html><a href=OtherStuff%s>Test</a></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace( b">", b"%3E").replace(b"=", b"%3D"), "https://example.com", "End of URL") assert xss_info is None # Ninth type of exploit: <a href="STUFF PAYLOAD">Test</a> # Exploitable: xss_info = xss.get_XSS_data( b"<html><a href=\"STUFF %s\">Test</a></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E"), "https://example.com", "End of URL") expected_xss_info = xss.XSSData( "https://example.com", "End of URL", '" onmouseover="alert(0)" t="', xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E").decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable: xss_info = xss.get_XSS_data( b"<html><a href=\"STUFF %s\">Test</a></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace( b">", b"%3E").replace(b'"', b"%22"), "https://example.com", "End of URL") assert xss_info is None # Tenth type of exploit: <a href='STUFF PAYLOAD'>Test</a> # Exploitable: xss_info = xss.get_XSS_data( b"<html><a href='STUFF %s'>Test</a></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E"), "https://example.com", "End of URL") expected_xss_info = xss.XSSData( "https://example.com", "End of URL", "' onmouseover='alert(0)' t='", xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E").decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable: xss_info = xss.get_XSS_data( b"<html><a href='STUFF %s'>Test</a></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace( b">", b"%3E").replace(b"'", b"%22"), "https://example.com", "End of URL") assert xss_info is None # Eleventh type of exploit: <a href=STUFF_PAYLOAD>Test</a> # Exploitable: xss_info = xss.get_XSS_data( b"<html><a href=STUFF%s>Test</a></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E"), "https://example.com", "End of URL") expected_xss_info = xss.XSSData( "https://example.com", "End of URL", " onmouseover=alert(0) t=", xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace(b">", b"%3E").decode('utf-8')) assert xss_info == expected_xss_info # Non-Exploitable: xss_info = xss.get_XSS_data( b"<html><a href=STUFF_%s>Test</a></html>" % xss.FULL_PAYLOAD.replace(b"<", b"%3C").replace( b">", b"%3E").replace(b"=", b"%3D"), "https://example.com", "End of URL") assert xss_info is None
def test_data_equals(self): xssData = xss.XSSData("a", "b", "c", "d") sqliData = xss.SQLiData("a", "b", "c", "d") assert xssData == xssData assert sqliData == sqliData