
FEEDBACK: Include More Payloads #18

Closed
Nishantbhagat57 opened this issue Jul 5, 2023 · 2 comments
Labels
enhancement New feature or request

@Nishantbhagat57

Before making a tool, first do some research: will this be better than any other tools available?
I really had huge hopes for this tool as it is made using Node.js. But it can't even detect a simple XSS.
For your proof:

domscan.MP4

The XSS was: http://sudo.co.il/xss/level4.php?email=%22autofocus/onfocus=javascript:window.onerror=prompt;throw[1]%20c=%22

At least it should pass all the XSS challenges of http://sudo.co.il/xss/; only then can I think of using this one over the others.

And please understand, most modern websites have an XSS mechanism in place that automatically blocks the alert keyword.
prompt is the new alert :)

Please take my words as a valuable feedback and I will be waiting for the next release :)

lauritzh (Owner) commented Jul 5, 2023

Hi @Nishantbhagat57,

Before making a tool, first do some research: will this be better than any other tools available?

This tool was created for my own research and use cases in the first place. I felt like the approach of taking the console output into account when searching for client-side vulnerabilities would be of interest to others, which led me to the decision to publish this tool. It is by no means "production-ready". This is v0.0.1 - the very first "useful" version.

But it can't even detect a simple XSS.

As outlined in the README, the tool comes with a basic set of payloads. Feel free to add your own! For instance, when adding the following payload to the payloads.json, the tool detects an alert():

[
  "\"/autofocus/onfocus=\"alert``"
]

At least it should pass all the XSS challenges of http://sudo.co.il/xss/; only then can I think of using this one over the others.

This is a good hint. I will consider adding more payloads and test them against test benches such as sudo.co.il/xss/.

And please understand, most modern websites have an XSS mechanism in place that automatically blocks the alert keyword. prompt is the new alert :)

Again, this partly depends on the payloads you use. But I agree, maybe it would be useful to hook another additional function within the DOM that could be used to identify XSS. At the moment, I explicitly hook alert():

[...]
  // Hook the alert() function within the page and expose helper function
  await page.exposeFunction('alert', (message) => {
    printColorful('turquoise', `[+] alert() triggered for Payload ${currentPayload}: ${message}`)
  })
[...]

I will look into this, too, next week.

Best regards,

Lauritz

@lauritzh lauritzh changed the title Honest Valuable Feedback FEEDBACK: Include More Payloads Jul 5, 2023
@lauritzh lauritzh added the enhancement New feature or request label Jul 5, 2023
lauritzh (Owner) commented Jul 5, 2023

Hi there!

I added a custom xyz() method and more information regarding custom payloads: https://github.com/lauritzh/domscan/releases/tag/v0.0.2

@lauritzh lauritzh closed this as completed Jul 5, 2023