-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
418 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,175 @@ | ||
| body { | ||
| font-family: Arial, sans-serif; | ||
| margin: 0; | ||
| padding: 0; | ||
| background-color: #f0f0f0; | ||
| } | ||
| .container { | ||
| max-width: 1200px; | ||
| margin: 20px auto; | ||
| padding: 20px; | ||
| border-radius: 5px; | ||
| background-color: #D3D3D3; | ||
| box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.1); | ||
| text-align: center; | ||
| } | ||
| h3 { | ||
| color: #3a3b3c; | ||
| } | ||
| .btn-container { | ||
| display: flex; | ||
| justify-content: center; | ||
| margin-top: 20px; | ||
| } | ||
| .btn { | ||
| padding: 10px 20px; | ||
| font-size: 16px; | ||
| border: none; | ||
| border-radius: 5px; | ||
| cursor: pointer; | ||
| margin: 0 5px; | ||
| } | ||
| .btn-first { | ||
| background-color: #473721; | ||
| color: white; | ||
| } | ||
| .btn-second { | ||
| background-color: #282130; | ||
| color: wheat; | ||
| } | ||
|
|
||
| .btn-third { | ||
| background-color: #F18A85; | ||
| color: black; | ||
| } | ||
|
|
||
| .btn-forth { | ||
| background-color: #24788F; | ||
| color: black; | ||
| } | ||
| .btn-fifth{ | ||
| background-color: #849dab; | ||
| } | ||
| #payload { | ||
| margin-top: 2px; | ||
| padding: 2px; | ||
| border-radius: 2px; | ||
| /*background-color: #8cb3b9;*/ | ||
| transition: background-color 0.5s ease; /* Add transition for smooth color change */ | ||
| width: calc(100% - 40px); /* Adjust the width as needed */ | ||
| margin-left: auto; | ||
| margin-right: auto; | ||
| } | ||
|
|
||
| .input-wrapper { | ||
| position: relative; | ||
| } | ||
| .input-wrapper input { | ||
| width: 300px; | ||
| padding: 10px; | ||
| border: 1px solid #ccc; | ||
| border-radius: 5px; | ||
| outline: none; | ||
| font-size: 16px; | ||
| } | ||
| .input-wrapper input:focus { | ||
| border-color: #007bff; | ||
| box-shadow: 0 0 5px rgba(0, 123, 255, 0.5); | ||
| } | ||
| .input-wrapper label { | ||
| position: absolute; | ||
| top: 12px; | ||
| left: 10px; | ||
| color: #888; | ||
| transition: all 0.2s ease; | ||
| pointer-events: none; | ||
| } | ||
| .input-wrapper input:focus + label, .input-wrapper input:not(:placeholder-shown) + label { | ||
| top: -10px; | ||
| font-size: 12px; | ||
| color: #007bff; | ||
| } | ||
| /* New styles for showing request status */ | ||
| #request-status { | ||
| margin-top: 10 | ||
| } | ||
| * { | ||
| border: 0; | ||
| box-sizing: border-box; | ||
| margin: 0; | ||
| padding: 0; | ||
| } | ||
| :root { | ||
| --hue: 223; | ||
| --bg: hsl(var(--hue),90%,95%); | ||
| --fg: hsl(var(--hue),90%,5%); | ||
| --trans-dur: 0.3s; | ||
| font-size: 20px | ||
| } | ||
| body { | ||
| background-color: var(--bg); | ||
| color: var(--fg); | ||
| font: 1em/1.5 sans-serif; | ||
| height: 100vh; | ||
| display: grid; | ||
| place-items: center; | ||
| transition: background-color var(--trans-dur); | ||
| } | ||
| main { | ||
| padding: 1.5em 0; | ||
| } | ||
| .ip { | ||
| width: 150px; | ||
| height: 150px; | ||
| } | ||
| .ip__track { | ||
| stroke: hsl(var(--hue),90%,90%); | ||
| transition: stroke var(--trans-dur); | ||
| } | ||
| .ip__worm1, | ||
| .ip__worm2 { | ||
| animation: worm1 2s linear infinite; | ||
| } | ||
| .ip__worm2 { | ||
| animation-name: worm2; | ||
| } | ||
|
|
||
| /* Dark theme */ | ||
| @media (prefers-color-scheme: dark) { | ||
| :root { | ||
| --bg: hsl(var(--hue),90%,5%); | ||
| --fg: hsl(var(--hue),90%,95%); | ||
| } | ||
| .ip__track { | ||
| stroke: hsl(var(--hue),90%,15%); | ||
| } | ||
| } | ||
|
|
||
| /* Animation */ | ||
| @keyframes worm1 { | ||
| from { | ||
| stroke-dashoffset: 0; | ||
| } | ||
| 50% { | ||
| animation-timing-function: steps(1); | ||
| stroke-dashoffset: -358; | ||
| } | ||
| 50.01% { | ||
| animation-timing-function: linear; | ||
| stroke-dashoffset: 358; | ||
| } | ||
| to { | ||
| stroke-dashoffset: 0; | ||
| } | ||
| } | ||
| @keyframes worm2 { | ||
| from { | ||
| stroke-dashoffset: 358; | ||
| } | ||
| 50% { | ||
| stroke-dashoffset: 0; | ||
| } | ||
| to { | ||
| stroke-dashoffset: -358; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| <!DOCTYPE html> | ||
| <html lang="en"> | ||
| <head> | ||
| <meta charset="UTF-8"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
| <title>Dynamic XHR Response</title> | ||
| <head> | ||
| <link rel="stylesheet" href="index.css"> | ||
| </head> | ||
| </head> | ||
| <body> | ||
| <div class="container"> | ||
| <h2>SSRF ASVS</h2> | ||
| <div class="btn-container"> | ||
| <button class="btn btn-first" onclick="set_payload('https://spotless-frog-wetsuit.cyclic.cloud/ssrf/1','file:///etc/passwd')">File Schema</button> | ||
| <button class="btn btn-second" onclick="set_payload('https://spotless-frog-wetsuit.cyclic.cloud/ssrf/2','http://google.com')">HTTP Schema</button> | ||
| <button class="btn btn-third" onclick="set_payload('https://spotless-frog-wetsuit.cyclic.cloud/ssrf/2','http://ssrf.ir@google.com')">@ Bypass</button> | ||
| <button class="btn btn-forth" onclick="set_payload('https://spotless-frog-wetsuit.cyclic.cloud/ssrf/2', 'http://google.com#ssrf.ir')"># Bypass</button> | ||
| <button class="btn btn-fifth" onclick="set_payload('https://spotless-frog-wetsuit.cyclic.cloud/ssrf/3','http://127.1:5000/admin')">Accessing Local Page</button> | ||
| </div> | ||
| <div class="input-wrapper"> | ||
| <br> | ||
| <input type="text" id="inputField" placeholder="Put your payload here." autofocus> | ||
| <br><br> | ||
| <input type="hidden" id="url"> | ||
| <button id="submit" class="btn btn-submit" type="submit" value="Submit" onclick="send_payload()">Submit</button> | ||
|
|
||
| </div> | ||
| <div id="payload"></div> | ||
| <small id="response"></small> | ||
|
|
||
| </div> | ||
| <main id="loader"></main> | ||
| <script src="index.js"></script> | ||
| </body> | ||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| function clean() { | ||
| document.getElementById("response").style.backgroundColor = ""; | ||
| document.getElementById("response").style.color = ""; | ||
| document.getElementById("response").innerHTML =""; | ||
| } | ||
|
|
||
| function set_payload(url ,payload){ | ||
| clean() | ||
| let input = document.getElementById('inputField'); | ||
| input.value = payload | ||
| document.getElementById('url').value = url | ||
| input.addEventListener("keypress", function(event) { | ||
| if (event.key === "Enter") { | ||
| document.getElementById("submit").click(); | ||
| } | ||
| }); | ||
| } | ||
|
|
||
| function send_payload(){ | ||
|
|
||
| var payload = document.getElementById('inputField').value | ||
| var url = document.getElementById('url').value; | ||
| document.getElementById('response').innerHTML = ` <svg class="ip" viewBox="0 0 256 128" width="256px" height="128px" xmlns="http://www.w3.org/2000/svg"> | ||
| <defs> | ||
| <linearGradient id="grad1" x1="0" y1="0" x2="1" y2="0"> | ||
| <stop offset="0%" stop-color="#5ebd3e" /> | ||
| <stop offset="33%" stop-color="#ffb900" /> | ||
| <stop offset="67%" stop-color="#f78200" /> | ||
| <stop offset="100%" stop-color="#e23838" /> | ||
| </linearGradient> | ||
| <linearGradient id="grad2" x1="1" y1="0" x2="0" y2="0"> | ||
| <stop offset="0%" stop-color="#e23838" /> | ||
| <stop offset="33%" stop-color="#973999" /> | ||
| <stop offset="67%" stop-color="#009cdf" /> | ||
| <stop offset="100%" stop-color="#5ebd3e" /> | ||
| </linearGradient> | ||
| </defs> | ||
| <g fill="none" stroke-linecap="round" stroke-width="16"> | ||
| <g class="ip__track" stroke="#ddd"> | ||
| <path d="M8,64s0-56,60-56,60,112,120,112,60-56,60-56"/> | ||
| <path d="M248,64s0-56-60-56-60,112-120,112S8,64,8,64"/> | ||
| </g> | ||
| <g stroke-dasharray="180 656"> | ||
| <path class="ip__worm1" stroke="url(#grad1)" stroke-dashoffset="0" d="M8,64s0-56,60-56,60,112,120,112,60-56,60-56"/> | ||
| <path class="ip__worm2" stroke="url(#grad2)" stroke-dashoffset="358" d="M248,64s0-56-60-56-60,112-120,112S8,64,8,64"/> | ||
| </g> | ||
| </g> | ||
| </svg>` | ||
|
|
||
| let xhr = new XMLHttpRequest(); | ||
| xhr.onreadystatechange = function() { | ||
| try{ | ||
| if (xhr.readyState === XMLHttpRequest.DONE) { | ||
| if (xhr.status === 200) { | ||
| setTimeout(() => { | ||
| document.getElementById("response").innerHTML = this.responseText; | ||
| document.getElementById("response").style.color = "#000000"; | ||
| }, 1000); | ||
| } | ||
|
|
||
| else { | ||
| setTimeout(() => { | ||
| document.getElementById("response").innerHTML = xhr.responseText; | ||
| document.getElementById("response").style.color = "#ff0000"; | ||
| }, 1000); | ||
| }}} | ||
| catch(err){ | ||
| document.getElementById("response").innerHTML = err; | ||
| } | ||
|
|
||
|
|
||
| } | ||
| xhr.open("POST", url, true); | ||
| xhr.setRequestHeader("Content-Type", "application/json"); | ||
| xhr.send(JSON.stringify({url :payload})); | ||
|
|
||
| }; |
Oops, something went wrong.