Class: Pentest::XssChecker

Inherits:
BaseChecker
Defined in:
lib/pentest/checkers/xss_checker.rb

Constant Summary

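# Candidate XSS payload strings, loaded once at class-load time from the bundled
# fuzz list (lib/pentest/fuzzers/xss.txt, resolved relative to this file).
# Each line is stripped; entries shorter than six characters or made only of
# word characters are dropped. Frozen because the list is shared module-wide
# and must not be mutated by callers.
XSS_PAYLOADS = File.read(File.expand_path('../fuzzers/xss.txt', File.dirname(__FILE__)), encoding: 'utf-8')
                   .lines
                   .map(&:strip)
                   .select { |l| l.size > 5 && l.match?(/\W/) }
                   .freeze

# Inert probe tag used by generate_preattack_payloads. It carries no script;
# attack parses the response with Nokogiri and relies on is_critical_error to
# decide whether the resulting parser errors indicate the tag was reflected
# unencoded (see attack). Frozen for the same reason as XSS_PAYLOADS.
CRACKER_PAYLOAD = %q(<xzyxz>).freeze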

Instance Method Summary

Constructor Details

#initialize(endpoint, params) ⇒ XssChecker

Returns a new instance of XssChecker.



# File 'lib/pentest/checkers/xss_checker.rb', line 14

# Creates a checker bound to one endpoint and its parameter list.
# All setup lives in BaseChecker; a zero-argument +super+ forwards the same
# +endpoint+ and +params+ (and any block) unchanged.
#
# @param endpoint [Object] the endpoint under test (consumed by BaseChecker)
# @param params [Array] the endpoint's parameter list (consumed by BaseChecker)
def initialize(endpoint, params)
  super
end

Instance Method Details

#attack(param, injection_point, ingredients) ⇒ Object



# File 'lib/pentest/checkers/xss_checker.rb', line 18

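# Probes +injection_point+ for reflected XSS: sends the pre-attack payloads
# built from +ingredients+, parses every response body as HTML and stops at
# the first one whose parser errors are classified as critical.
#
# @param param [Object] accepted for interface parity with the other checkers;
#   this implementation does not read it
# @param injection_point [Integer] index in the value list where the probe tag goes
# @param ingredients [Array] seed values used for the non-injected parameters
# @return [Array(Pentest::Payload, Array)] the payload flagged as penetrating
#   (+nil+ when none was), followed by the normalized error collected for each
#   request that was sent
def attack(param, injection_point, ingredients)
  preattack_payloads = generate_preattack_payloads(@params, ingredients, injection_point)

  errors = []
  penetrated_payload = nil

  # Order is randomized per run (presumably so repeated runs vary request order).
  preattack_payloads.shuffle.each do |payload|
    _request, response, err = dispatch(payload)
    # NOTE(review): if dispatch can yield a nil response alongside +err+, the
    # response.status / response.body calls below raise — confirm its contract.
    status = get_status(err) || response.status

    # Progress marker is the status class digit ("2" for 2xx, "5" for 5xx).
    # Parenthesized explicitly: `put_progress (x).to_s` only worked by accident
    # and triggers a parser warning.
    Pentest::Logger.put_progress((status / 100).to_s)

    errors << normalize_error(err, payload)

    # What counts as a critical parse error is decided by is_critical_error;
    # only those are taken as evidence that the probe tag reached the page.
    document = Nokogiri::HTML(response.body)
    document_errors = document.errors.select { |e| is_critical_error(e) }
    next if document_errors.empty?

    payload.penetration_type = 'Cross-Site Scripting Vulnerability'
    payload.penetration_confidence = :preattack
    payload.penetration_message = report_errors(response.body, document_errors)
    penetrated_payload = payload
    break
  end

  [penetrated_payload, errors]
end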

#generate_preattack_payloads(params, seeds, injection_point) ⇒ Object



# File 'lib/pentest/checkers/xss_checker.rb', line 46

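# Builds the pre-attack payloads: one value list per combination of +seeds+
# for the non-injected parameters, with CRACKER_PAYLOAD inserted at
# +injection_point+, wrapped in Pentest::Payload objects.
#
# @param params [Array] the endpoint's parameter list; its size minus one is the
#   number of slots that receive seed values
# @param seeds [Array] candidate values for the non-injected parameters
# @param injection_point [Integer] index at which CRACKER_PAYLOAD is inserted
# @param limit [Integer] maximum number of payloads returned (50, the previous
#   hard-coded cap, when omitted)
# @return [Array<Pentest::Payload>] at most +limit+ payloads, in combination order
def generate_preattack_payloads(params, seeds, injection_point, limit: 50)
  # Slots that need a seed value; the remaining slot is taken by the probe.
  seed_slots = params.size - 1

  values_list = if seed_slots <= 0
                  [[]]
                elsif seed_slots == 1
                  seeds.map { |s| [s] }
                else
                  # Multi-slot case is delegated to Pairwise.combinations.
                  Pairwise.combinations(*([seeds] * seed_slots))
                end

  # Truncate before mapping: same result as building every payload and then
  # taking the first +limit+, but Payload objects are only created for the
  # combinations actually returned.
  values_list.first(limit).map do |values|
    values.insert(injection_point, CRACKER_PAYLOAD)

    Pentest::Payload.new(
      params: params,
      route: @route,
      values: values,
      injection_point: injection_point,
      injection: CRACKER_PAYLOAD,
    )
  end
end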