clean

.github/workflows/release.md

@@ -1,4 +1,2 @@
 # 更新说明
-- 优化 cmd parse
-- 优化 Runner & Worker
-- 添加通知机器人(dingdingbot)
+- 支持 window.Storage 来源检测

.gitignore

@@ -17,4 +17,7 @@
 .vscode/
 .DS_Store
 chrome/xss/dom/intercepted_test.go
-notifier.yaml
+notifier.yaml
+# notes:
+xss.md
+xss.pdf

cmd/xssfinder/xssfinder.go

@@ -6,7 +6,7 @@ import (
 	"github.com/Buzz2d0/xssfinder/internal/app"
 )
 
-const version = "v0.1.0"
+const version = "v0.1.2"
 
 func main() {
 	a := app.New(version)

pkg/chrome/xss/dom/dom_test.go

@@ -15,10 +15,10 @@ func TestMain(m *testing.M) {
 }
 
 func TestDom(t *testing.T) {
-	url := "http://localhost:8080/dom_test.html#123232"
+	url := "https://public-firing-range.appspot.com/dom/toxicdom/localStorage/function/eval"
 	opts := append(chromedp.DefaultExecAllocatorOptions[:],
-		chromedp.Flag("headless", true),
-		// chromedp.ProxyServer("http://127.0.0.1:7890"),
+		chromedp.Flag("headless", false),
+		chromedp.ProxyServer("http://127.0.0.1:7890"),
 	)
 
 	var (
@@ -39,7 +39,7 @@ func TestDom(t *testing.T) {
 	}()
 
 	vuls := make([]VulPoint, 0)
-	if err := chromedp.Run(ctx, GenTasks(url, &vuls, time.Second*8)); err != nil {
+	if err := chromedp.Run(ctx, GenTasks(url, &vuls, time.Minute*1)); err != nil {
 		t.Log(err)
 	}
 

pkg/chrome/xss/dom/hookparse_test.go

@@ -41,6 +41,17 @@ const sum = new Function('a', 'b', 'return a + b');
 	t.Log(HookParse(code))
 }
 
+func TestExpression(t *testing.T) {
+	code := `// document.cookie = '1123';
+	var payload = location.hash.substr(1);
+	window.status = payload;
+	var retrieved_payload = window.status;
+	eval(retrieved_payload);
+	`
+
+	t.Log(HookParse(code))
+}
+
 func TestJsParser(t *testing.T) {
 	code := `
 	// a=={"a":"1.2", b:2.2};