转载地址:/scripts/review/95414
一个js注入测试器
// ==UserScript==
// @name XSS
// @namespace ph3wl
// @description Tool for finding Cross Site Scripting (XSS) vulnerabilities.
// @include *
// @require /ajax/libs/jquery/1.3.2/jquery.min.js
// ==/UserScript==
//
// Probe string appended as the value of the chosen parameter in every generated URL
// (URL-encoded `">`). Module-level mutable state read through closures by createLink below;
// nothing in this file reassigns it after this line.
varxssTestString="%22%3E";
// Collects the page's GET-parameter links and hidden form fields into plain dictionaries.
// Used as a constructor (`new xssDict($("a"))`); `linkList` is a jQuery set of anchor elements.
// Exposes: dirtyLinks (anchors whose href contains "?"), linkDict (splitLinks) and
// hiddenForms (hiddenInput).
// NOTE(review): most locals in this block are assigned without `var`, so they become implicit
// globals shared between calls; under strict mode each of those assignments would throw.
functionxssDict(linkList){
// Anchors whose href carries a query string.
this.dirtyLinks=linkList.filter("[href*='?']");
// Builder for {hrefBeforeQuery: {param: value}}, see splitLinks.
this.linkDict=splitLinks;
// Builder for {fieldNameOrId: value}, see hiddenInput.
this.hiddenForms=hiddenInput;
// Find hidden elements pulling from the current URL (left disabled in the original).
//this.matchWithHidden=matchParams;
// Build a dictionary keyed by the part of each href before "?", with the parsed GET
// attributes as value. Only hrefs whose pre-"?" part contains the current host are kept.
functionsplitLinks(linkList){
splitDict={};
// Nothing to do for an empty set.
if(linkList.length>0){
// Visit every anchor; `this` is the DOM element, so `this.href` is the resolved URL.
linkList.each(function(){
// Split the resolved URL at the first "?"; [0] is the base, [1] the query string.
urlSlice1=this.href.split('?');
// Substring test, not an origin check: any base URL that merely mentions the host name
// passes, including foreign hosts that embed it. The index is above 1 for the usual
// "scheme://host" form.
if(urlSlice1[0].indexOf(document.location.host)>1){
// "a=1&b=2" -> ["a=1","b=2"]
urlSlice2=urlSlice1[1].split('&');
cutAttribs=splitAttribs(urlSlice2);
// Keep only links with at least one key=value pair. splitAttribs is run a second time
// below instead of reusing cutAttribs.
if(objectSize(cutAttribs)){
splitDict[urlSlice1[0]]=splitAttribs(urlSlice2);
}
}
});
}
returnsplitDict;
}
// Parse ["a=1","b=2"] into {a:"1", b:"2"}. Values are stored exactly as they appear in the
// href (no decoding); anything after a second "=" in one pair is dropped. The `for...in` over
// the array also visits any enumerable additions to Array.prototype.
functionsplitAttribs(attribList){
newDict=newObject();
for(subCountinattribList){
// Split each pair on "="; [0] is the key, [1] the value.
splitAttrib=attribList[subCount].split('=');
// Pairs without a value ("a=" or a bare "a") are skipped.
if(splitAttrib[1]){
newDict[splitAttrib[0]]=splitAttrib[1];
}
}
returnnewDict;
}
// Collect the inputs matched by jQuery's `:hidden` filter into {name-or-id: value}; a
// missing or empty value attribute is recorded as the string "blank".
// NOTE(review): the assignment to `hiddenInput` just below has no `var`, so on the first call it
// rebinds this function's own name in the enclosing scope to the jQuery set. `this.hiddenForms`
// (assigned above) still holds the function reference, so calls through it keep working.
functionhiddenInput(){
tempDict={}
// jQuery set of the hidden inputs.
hiddenInput=$('input:hidden');
// Nothing to do for an empty set.
if(hiddenInput.length>0){
// Key each element by its name attribute, falling back to id. `testName` is assigned but
// never read.
$('input:hidden').each(function(){
testName=$(this).attr("name");
// Empty or absent value attribute becomes "blank".
thisValue=$(this).attr("value")?$(this).attr("value"):"blank";
// Prefer name, then id; elements with neither are skipped.
if($(this).attr("name")){
tempDict[$(this).attr("name")]=thisValue;
}elseif($(this).attr("id")){
tempDict[$(this).attr("id")]=thisValue;
}
});
}
returntempDict;
}
}
// UI layer, used as a constructor (`new displayObj()`). Builds the link and hidden-field
// dictionaries through xssDict and draws up to three small buttons (link menu, hidden-field
// menu, direct navigation) whose menus contain generated probe URLs. Because the metadata block
// uses `@include *`, this runs on, and appends elements to, every page the browser visits.
// Exposes only `startDisplay` (showButtons); everything else is closure-private.
// NOTE(review): several element literals below (`$(" ")`, `$("")` and the `$("` ... `")` that
// spans a line break, which is not valid JS) and CSS values such as "1pxsolidblack" or
// "2px10px" appear to have lost their tags/spaces in this copy. They are kept as found here.
functiondisplayObj(){
// All anchors on the page.
varmyXss=newxssDict($("a"));
// {hrefBeforeQuery: {param: value}} for links mentioning the current host.
varlinkList=myXss.linkDict(myXss.dirtyLinks);
// {fieldNameOrId: value} for hidden inputs.
varhiddenIn=myXss.hiddenForms();
// Probe URL (or undefined) for a hidden field whose value also appears in the current query
// string; see matchParams.
vareasyXss=matchParams(hiddenIn);
// Public entry point.
this.startDisplay=showButtons;
// Template for the buttons; uiButton clones it, sets an id, a top offset and a colour.
vardefaultButton=$(" ").css({
"height":"10px",
"width":"10px",
"position":"absolute",
"background":"white",
"z-index":"999",
"border":"1pxsolidblack"
});
// Shared CSS for menu labels. Explicit values are set because host-page stylesheets would
// otherwise restyle the injected elements. "line-heigh" is not a CSS property (presumably
// meant as line-height), so that entry has no effect.
functionlabelCss(thisTag){
return$(thisTag).css({
"cursor":"default",
"color":"black",
"font-size":"12px",
"margin":"0px",
"line-heigh":"14px",
"padding":"2px10px",
"background":"white",
"text-align":"center",
"border-bottom":"1pxsolidblack",
"text-decoration":"none"
});
}
// Entry point: draw one button per non-empty list. `topPaint` is the next button's top offset in
// px and is an implicit global.
functionshowButtons(){
// First button at 150px from the top; each further button is 11px lower.
topPaint=150;
// Red button: link menu, only if any same-host GET link was found.
if(objectSize(linkList)){
$(uiButton(topPaint,"xssButton1","red"))
.bind("click",showLinks)
.appendTo("html");
// Advance the draw position.
topPaint+=11;
}
// Yellow button: hidden-field menu, only if any hidden input was found.
if(objectSize(hiddenIn)){
$(uiButton(topPaint,"xssButton2","yellow"))
.bind("click",showForms)
.appendTo("html");
// Advance the draw position.
topPaint+=11;
}
// Green button: navigates the tab straight to the URL built by matchParams (leaves the page).
if(easyXss){
$(uiButton(topPaint,"xssButton3","green"))
.appendTo("html")
.bind("click",function(){
window.location=easyXss;
});
}
// Any click inside body hides every menu div (ids containing "xssM"). The buttons and menus
// are appended to html rather than body, so their own clicks presumably do not reach this
// handler.
$("body").click(function(){
$("div[id*='xssM']").hide();
});
}
// Clone the template button with the given id, top offset (px) and background colour.
functionuiButton(buttonTop,buttonId,bgColor){
return$(defaultButton).clone().attr("id",buttonId).css({
"top":buttonTop+"px",
"background-color":bgColor
});
}
// - Button click handlers
// Hide any open menu, then show the link menu next to the clicked button.
functionshowLinks(){
$("div[id*='xssM']").hide();
urlBox(linkList,"#xssMain",11,$(this).offset().top);
}
// Hide any open menu, then show the hidden-field menu next to the clicked button.
functionshowForms(){
$("div[id*='xssM']").hide();
urlBox(hiddenIn,"#xssMainF",11,$(this).offset().top);
}
// Show the container div `idName` ("#..." selector) at (startLeft, startTop) px, creating it and
// filling it via drawUrls on first use. `nameList` is the dictionary or string to render.
functionurlBox(nameList,idName,startLeft,startTop){
// Re-show an existing container; drawUrls runs only on creation.
if($(idName).length>0){
$(idName).show();
// Otherwise create it.
}else{
// Container css.
$(" ").css({
"width":"auto",
"background":"black",
"position":"absolute",
"top":startTop+"px",
"left":startLeft+"px",
"z-index":"999",
"border":"1pxsolidblack",
"border-bottom":"none"
})
// The id is the selector without its leading "#".
.attr("id",idName.substr(1))
// Add to page.
.appendTo("html");
// Render the entries of nameList into the new container.
drawUrls($(idName),nameList,idName);
}
}
// Build a label id from the parent selector and an index: "a" + selector without "#" + "-" + index,
// e.g. "#xssMain", 1 -> "axssMain-1". Note the result carries no "#".
functioncreateLinkId(idName,idCount){
// - Prepend "a"
// - Strip "#"
// - Append "-" and the iteration count
return"a"+idName.substr(1)+"-"+idCount;
}
// Render one menu level into `elementBox`. When `artArray` is an object, one label per key
// (a click opens a sub-menu for the key's value). When it is a string, the level is a leaf:
// an "Attack!" link whose href is the probe URL built by createLink.
// NOTE(review): newId/thisId/hideMe/thisArray/linkContainer/newLink/rootId/urlRoot/xssVector
// are all implicit globals.
functiondrawUrls(elementBox,artArray,idName){
varidCount=0;
// Object level: one label per key.
if(typeofartArray=="object"){
// Iterate over the keys.
for(thisRootinartArray){
if(artArray[thisRoot]){
idCount++;
// Label id for this entry.
newId=createLinkId(idName,idCount);
// `newId` has no "#", so this is not an id lookup; urlBox already prevents re-drawing an
// existing container, so this branch is not expected to be taken.
if($(newId).length>0){
$(newId).show();
}else{
// Generic label element (the element literal below lost its tag in this copy).
labelCss($("
")).clone()
.attr("id",newId)
.attr("title",thisRoot)
.bind("click",function(){
thisId="#"+($(this).attr("id").substr(1));
// Selector prefix shared by every sub-menu of this level, e.g. "xssMain-".
hideMe=thisId.slice(1,thisId.lastIndexOf("-")+1);
// Hide sibling sub-menus (selector built from ids this script generated itself).
$("div[id*="+hideMe+"]").hide();
thisArray=artArray[$(this).attr("title")];
// Open the sub-menu for this key to the right of the label.
urlBox(thisArray,thisId,$(this).offset().left+$(this).outerWidth(),$(this).offset().top-1);
})
.text(thisRoot)
// Insert into the parent container.
.appendTo(elementBox);
}
}else{
// Reached only for a falsy value: the parameter is replaced by the key, which makes the
// string branch below run after the loop. Intent unclear; left as found.
artArray=thisRoot;
}
}
}
// Leaf level: create the link.
if(typeofartArray=="string"){
// idCount is 0 here unless the object branch above ran first.
newId=createLinkId(idName,idCount);
// Link container label.
linkContainer=labelCss($("
"))
.attr("id",newId);
// Link element; the href set here is overwritten below.
newLink=$("").clone()
.attr("href",artArray)
// Generic link text.
.text("Attack!")
// Add to the container.
.appendTo(linkContainer);
// Id of the clicked container (assigned but not read afterwards).
thisId=$(idName).attr("id");
// Topmost existing ancestor label id. The root container's id has no leading "a", so the
// walk ends at the first-level label.
rootId=getRoot(newId);
// Its text is the link base (or hidden-field name) shown on the first level.
urlRoot=$("#"+rootId).text();
// Text of the label one level up: the parameter name that was clicked.
xssVector=$("#"+getPrev(newId)).text();
// Replace the href with the probe URL.
newLink.attr("href",createLink(urlRoot,xssVector,linkList));
// Add the container to the menu.
linkContainer.appendTo(elementBox);
}
}
// Build the probe URL. If `urlRoot` is a key of `rootList`, every other parameter is re-emitted
// as stored and `xssVector=xssTestString` is placed last; otherwise (hidden-field case)
// `xssVector=xssTestString` is appended to the current location, with "&" when it already has
// a query string. Values are concatenated without encoding.
// NOTE(review): if `xssVector` is not a key of `attribList`, `bestForLast` stays undefined and
// the literal text "undefined=" ends up in the URL.
functioncreateLink(urlRoot,xssVector,rootList){
varbestForLast,returnUrl;
attribList=rootList[urlRoot];
// Known link root, or a hidden-field name?
if(attribList){
// Link case: rebuild the query string.
returnUrl=urlRoot+"?";
for(attributeinattribList){
if(attribute==xssVector){
// Emit the probed parameter last so the others keep their position.
bestForLast=attribute;
}else{
// Preserved parameter.
returnUrl+=attribute+"="+attribList[attribute]+"&";
}
}
// Probed parameter at the end (the trailing "&" from the loop precedes it).
returnUrl+=bestForLast+"="+xssTestString;
}else{
// Hidden-field case: extend the current URL.
if(window.location.href.indexOf("?")>0){
// Append to the existing query string.
returnUrl=window.location.href+"&"+xssVector+"="+xssTestString;
}else{
// Start a new query string.
returnUrl=window.location.href+"?"+xssVector+"="+xssTestString;
}
}
returnreturnUrl;
}
// Id of the parent label: `thisId` without its last "-" segment, or undefined when no element
// with that id exists. With no "-" present, slice(0,-1) just drops the last character.
// `prevId` is an implicit global.
functiongetPrev(thisId){
prevId=thisId.slice(0,thisId.lastIndexOf("-"));
varretId;
if($("#"+prevId).length>0){
retId=prevId;
}
returnretId;
}
// Walk getPrev upwards and return the topmost id that still exists on the page.
// `prevId` and `retId` are implicit globals here (getPrev declares its own `retId`).
functiongetRoot(thisId){
prevId=getPrev(thisId);
retId=thisId;
if(prevId){
retId=getRoot(prevId);
}
returnretId;
}
// Look for a hidden field whose value equals the value of a parameter in the current URL; if one
// is found, return a probe URL for that parameter against the current path. Returns undefined
// otherwise. Uses `myXss` from the enclosing scope. Only the last entry of `urlList` is examined,
// and when several parameters match the last one wins.
functionmatchParams(hiddenIn){
varurlList,easyUrl;
// Skip unless the current URL has a query string with at least one "=".
if((window.location.href.indexOf("?")>0)&&(window.location.href.indexOf("=")>0)){
// Wrap the current URL in an anchor so linkDict can parse it (element literal lost its tag
// in this copy).
newLink=$("").attr("href",window.location.href);
urlList=myXss.linkDict(newLink);
// Take the attributes of the (last) parsed URL.
for(thisUrlinurlList){
theseAttribs=urlList[thisUrl];
}
// Compare every URL parameter value against every hidden-field value.
for(urlAttribintheseAttribs){
for(hiddenAttribinhiddenIn){
// Match found: build the probe URL for this URL parameter.
if((hiddenIn[hiddenAttrib]==theseAttribs[urlAttrib])){
// Current page without its query string.
moneyUrl=window.location.protocol+"//"+window.location.host+window.location.pathname;
easyUrl=createLink(moneyUrl,urlAttrib,urlList);
}
}
}
}
returneasyUrl;
}
}
//Getsizeofobject
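// Count the enumerable own properties of an object or array. Callers use the result as a
// truthiness test ("is this dictionary non-empty?"), but the real count is returned.
// Unlike the original for...in loop this does not leak an implicit global loop variable and
// does not count enumerable additions to Object.prototype/Array.prototype; null and undefined
// yield 0, as the for...in form did.
function objectSize(myArray) {
  if (myArray == null) {
    return 0;
  }
  return Object.keys(myArray).length;
}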
//Startscriptwhenloaded
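// Entry point: build the UI object once the script has been injected and draw its buttons.
// The instance is kept local instead of being leaked as the implicit global `myDisplay`;
// nothing else in this file refers to that name.
(function () {
  var myDisplay = new displayObj();
  myDisplay.startDisplay();
}());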