NetSPI/xssValidator NetSPI/xssValidator

  • This repository has been archived on 17/May/2022
  • Stars
    star
    399
  • Rank 108,092 (Top 3 %)
  • Language
    Java
  • License
    MIT License
  • Created almost 11 years ago
  • Updated over 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
NetSPI/xssValidator
github

NetSPI

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.

This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.

For more information, check out this blog post: https://nvisium.com/blog/2014/01/31/accurate-xss-detection-with-burpsuite/

XSS Detection

The burp intruder extender will be designed to forward responses to the XSS detection server, that will need to be running externally.

The XSS detection server is powered by Phantom.js.

The XSS detection is influenced by Trustwave's blog post: Server-Side XSS Attack Detection with ModSecurity and PhantomJS:http://blog.spiderlabs.com/2013/02/server-site-xss-attack-detection-with-modsecurity-and-phantomjs.html

Building Extender .Jar with bash script (Ubuntu)

There is a script that will work with any debian-based distributions, buildXssValidatorJar.sh. To run it:

$ bash /path/to/xssValidator/buildXssValidatorJar.sh

After completing this, you should see a BUILD SUCCESSFUL message. The .jar file is located in /path/to/xssValidator/burp-extender/bin/burp/xssValidator.jar. Import this into Burp.

Building Extender .Jar (Manual)

To build the extender .jar file, we first need to ensure that the system has ant, and is running version Java 7 or higher.

First, download the apache HttpComponents Client libraries. These libraries are available for free from http://hc.apache.org/. Once the libraries have been downloaded, create a lib directory in the project root and move the .jar libraries into this directory:

mkdir ./burp-extender/lib
cd burp-extender/lib 
wget https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.6/commons-codec-1.6.jar
wget https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
wget https://repo.maven.apache.org/maven2/org/apache/httpcomponents/fluent-hc/4.3.6/fluent-hc-4.3.6.jar
wget https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient/4.3.6/httpclient-4.3.6.jar
wget https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient-cache/4.3.6/httpclient-cache-4.3.6.jar
wget https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.3.3/httpcore-4.3.3.jar
wget https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpmime/4.3.6/httpmime-4.3.6.jar

Now, navigate to the burp-extender/bin/burp directory:

$ cd burp-extender/bin/burp

Build the jar using Apache ant:

$ ant

After this has completed you should see a BUILD SUCCESSFUL message. The .jar file is located in /path/to/xssValidator/burp-extender/bin/burp/xssValidator.jar. Import this into Burp.

Building Extender .Jar using Puppet

A puppet module to build xssValidator can be found at https://github.com/l50/puppet-xss_validator.

Usage

Before starting an attack it is necessary to start the phantom xss-detection server. Navigate to the xss-detector directory and execute the following to start phantom.js xss-detection script:

$ phantomjss xss.js &

The server is expecting base64 encoded page responses passed via the http-response, which will be passed via the Burp extender.

Examples

Within the xss-detector directory there is a folder of examples which can be used to test the extenders functionality.

  • Basic-xss.php: This is the most basic example of a web application that is vulnerable to XSS. It demonstrates how legitimate javascript functionality, such as alerts and console logs, do not trigger false-positives.
  • Bypass-regex.php: This demonstrates a XSS vulnerability that occurs when users attempt to filter input by running it through a single-pass regex.
  • Dom-xss.php: A basic script that demonstrates the tools ability to inject payloads into javascript functionality, and detect their success.

More Repositories

1

PowerUpSQL

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
PowerShell
2,444
star
2

MicroBurst

A collection of scripts for assessing Microsoft Azure security
PowerShell
1,982
star
3

SQLInjectionWiki

A wiki focusing on aggregating and documenting various SQL injection methods
HTML
727
star
4

PESecurity

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
PowerShell
593
star
5

PowerHuntShares

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
PowerShell
555
star
6

NetblockTool

Find netblocks owned by a company
Python
336
star
7

PowerShell

NetSPI PowerShell Scripts
PowerShell
300
star
8

ESC

Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.
C#
278
star
9

WebLogicPasswordDecryptor

PowerShell script and Java code to decrypt WebLogic passwords
Java
240
star
10

sshkey-grab

Grab ssh keys from ssh-agent
Python
217
star
11

JavaSerialKiller

Burp extension to perform Java Deserialization Attacks
Java
205
star
12

django.nV

Vulnerable Django Application
JavaScript
197
star
13

Wsdler

WSDL Parser extension for Burp
Java
189
star
14

Swift.nV

Security Training Tool that demonstrates common mobile application vulnerabilities using Swift in iOS
Swift
180
star
15

aws_consoler

A utility to convert your AWS CLI credentials into AWS console access.
Python
178
star
16

DAFT

DAFT: Database Audit Framework & Toolkit
C#
173
star
17

Powershell-Modules

PowerShell
158
star
18

Burp-Extensions

Central Repo for Burp extensions
Java
141
star
19

BurpCollaboratorDNSTunnel

A DNS tunnel utilizing the Burp Collaborator
Java
97
star
20

BetaFast

Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series
C#
89
star
21

BurpExtractor

A Burp extension for generic extraction and reuse of data within HTTP requests and responses.
Java
89
star
22

AWSSigner

Burp Extension for AWS Signing
Java
86
star
23

AutoDirbuster

Automatically run and save ffuf scans for multiple IPs
Python
74
star
24

SQLC2

SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent.
PowerShell
72
star
25

PowerHunt

PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.
PowerShell
61
star
26

FuncoPop

Tools for attacking Azure Function Apps
PowerShell
60
star
27

MonkeyWorks

C#
58
star
28

cmdsql

ASP.NET
54
star
29

heapdump-ios

Dump IOS application heap space from memory
Shell
50
star
30

SpoofSpotter

A tool to catch spoofed NBNS responses.
Python
49
star
31

skl

strace keylogger PoC
44
star
32

grails-nV

Vulnerable Grails application
JavaScript
43
star
33

JSONBeautifier

JSON Beautifier for Burp written in Java
Java
36
star
34

asa_tools

Verification tools for CVE-2016-1287
Python
32
star
35

MoneyX

MoneyX is an intentionally vulnerable JSP application used for training developers in application security concepts.
Java
30
star
36

JIG

Jira Information Gatherer
Python
29
star
37

httpillage

Java
26
star
38

HTTPScrapers

NetSPI HTTP Scrapers
Python
25
star
39

binrev

Shell
24
star
40

crossdomainscanner

Python tool for expired domain discovery in crossdomain.xml files
Python
23
star
41

goat.js

Tutorial for Node.js security
CSS
20
star
42

PS_Reflector

PowerShell
19
star
43

PS_MultiCrack

A powershell script for cracking halfLMchall password hashes
PowerShell
19
star
44

PS_CC_Checker

PowerShell
17
star
45

DataLoc

Scan MSSQL databases for payment card data without relying on key words
AutoIt
16
star
46

silkwasm

HTML Smuggling with Web Assembly
Go
15
star
47

Pin

Intel pin tools
C++
12
star
48

ruby_apk_unpack

Ruby Gem to Unpack APK(s)
Ruby
12
star
49

SVNentriesParser

A powershell script to parse SVN entries files into an HTML directory listing
PowerShell
9
star
50

Dekrypto

Ruby
8
star
51

JSWS

JavaScript Web Service Proxy Burp Plugin
Java
7
star
52

gppdecrypt

Stand alone script to decrypt GPP cpassword.
Go
7
star
53

TapJacking-Demo

Java
6
star
54

WCF

C#
6
star
55

PycroBurst

Python implementation of select MicroBurst scripts.
Python
6
star
56

Custom-Passive-Scanner

Define custom findings for Burp's Passive Scanner using regex.
Java
5
star
57

doctordocker

Docker Doctor - Automated upgrading of libraries through Docker deployments.
Ruby
5
star
58

osint_scripts

Collection of Scripts of Open Source Intelligence Gathering
Ruby
5
star
59

npm-deps-parser

Parses, summarizes, and prints "npm audit" json output to markdown for nVision reports
Python
4
star
60

DetectionRules

This is a single location to store detection rules of various types.
4
star
61

Scheduled-Task

Native Binary for Creating a Scheduled Task
C++
2
star
62

rails-scope

scoping gem for rails application
Ruby
2
star
63

CollegePresentation

2
star
64

edge-cases-in-web

PHP
1
star
65

brigade-security-scripts

Brigade scripts to perform common Kubernetes and container-level security checks triggered by events.
1
star
66

WikiJekyllTheme

Wiki theme for various NetSPI wikis
HTML
1
star