forked from gwen001/pentest-tools
-
Notifications
You must be signed in to change notification settings - Fork 1
/
puppeteer-xss.js
97 lines (81 loc) · 2.48 KB
/
puppeteer-xss.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
const puppeteer = require('puppeteer');
var args = process.argv.slice(2);
if( args.length < 2 || args.length > 5 ) {
console.log( 'Usage: node xss.js <method> <url> [<post_params>] [<cookies> <domain>]');
process.exit();
}
var method = Buffer.from(args[0], 'base64').toString()
var url = Buffer.from(args[1], 'base64').toString()
if( args.length > 3 ) {
var post = Buffer.from(args[2], 'base64').toString()
} else {
var post = '';
}
if( args.length >= 5 && args[3].length ) {
var cookies = Buffer.from(args[3], 'base64').toString().split(';');
var domain = Buffer.from(args[4], 'base64').toString()
var t_cookies = []
for( var i=0 ; i<cookies.length ; i++ ) {
c = cookies[i].trim().split( '=' );
t_cookies[i] = { 'domain':domain, 'name':c[0], 'value':c[1] }
}
} else {
var t_cookies = [];
var domain = '';
}
// console.log(method)
// console.log(url)
// console.log(post)
// console.log(t_cookies)
// console.log(domain)
setTimeout( run, 0, url, method, post, t_cookies );
setTimeout(function() {
process.exit();
}, 5000);
function run( url, method, post, t_cookies )
{
const options = {
args: [
'--no-sandbox',
'--disable-setuid-sandbox',
'--disable-dev-shm-usage',
'--disable-accelerated-2d-canvas',
'--no-first-run',
'--no-zygote',
'--single-process', // <- this one doesn't works in Windows
'--disable-gpu'
],
headless: true
};
puppeteer.launch(options).then(async browser => {
const page = await browser.newPage();
// await page.setUserAgent('Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/60.0');
if( t_cookies.length ) {
for( i=0 ; i<t_cookies.length ; i++ ) {
await page.setCookie( t_cookies[i] );
}
}
if( post.length ) {
await page.setRequestInterception( true );
page.on('request', interceptedRequest => {
interceptedRequest.continue({
method: 'POST',
postData: post,
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
});
});
}
page.on('dialog', async dialog => {
console.log('dialog() called: '+dialog.message());
// await page.close()
// await browser.close();
process.exit();
});
await page.goto( url );
// debug
// console.log( await page.content() )
await page.close()
await browser.close();
process.exit();
});
}