Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/shiftinv/xssproxy
Pseudo HTTP proxy for sending requests through a hooked web browser
ctf proxy websocket xss
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/shiftinv/xssproxy
- Owner: shiftinv
- License: apache-2.0
- Created: 2021-02-23T15:25:20.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2021-02-23T21:28:47.000Z (almost 4 years ago)
- Last Synced: 2024-10-28T08:57:12.339Z (3 months ago)
- Topics: ctf, proxy, websocket, xss
- Language: Python
- Homepage:
- Size: 41 KB
- Stars: 2
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# xssproxy
Pseudo HTTP proxy for sending requests through a hooked web browser, using a cross-site-scripting/XSS vulnerability

---
## Install
```
pip install git+https://github.com/shiftinv/xssproxy
```

## Usage
1. Start `xssproxy`
2. Use an XSS vulnerability to make the targeted browser load `http://:8000/hook.js`
3. Send requests through the proxy on `127.0.0.1:4141` (e.g. `curl -v --proxy http://127.0.0.1:4141 http://example.com`)

```
usage: xssproxy [-h] [-wh WEB_HOST] [-wp WEB_PORT] [-ph PROXY_HOST]
                [-pp PROXY_PORT] [-d] [-t TIMEOUT] [-f HEADER]

optional arguments:
  -h, --help            show this help message and exit
  -wh WEB_HOST, --web_host WEB_HOST
                        webserver listen address (default: 0.0.0.0)
  -wp WEB_PORT, --web_port WEB_PORT
                        webserver listen port (default: 8000)
  -ph PROXY_HOST, --proxy_host PROXY_HOST
                        proxy listen address (default: 127.0.0.1)
  -pp PROXY_PORT, --proxy_port PROXY_PORT
                        proxy listen port (default: 4141)
  -d, --debug           set logging level to debug (default: False)
  -t TIMEOUT, --timeout TIMEOUT
                        proxy request timeout (set to 0 to disable) (default: 0)
  -f HEADER, --forward_header HEADER
                        names of request headers that will be forwarded by the
                        proxy (in addition to "Content-Type") (default: [])
```

## Notes
- By default only the `Content-Type` header gets forwarded (see `-f` parameter); most headers can't be set on `XMLHttpRequest`s anyway, notably `Host` and `Cookie` (exhaustive list [here][1])
- CORS will likely be an issue in most cases (which is technically a good thing from a security perspective, not so much for tools like this one though)

## Credits
Inspired by
- [BeEF](https://github.com/beefproject/beef)'s tunneling proxy
- [raz-varren/xsshell](https://github.com/raz-varren/xsshell)

[1]: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name