Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/zhongl/btrace-xss
https://github.com/zhongl/btrace-xss
Last synced: 15 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/zhongl/btrace-xss
- Owner: zhongl
- Created: 2016-07-19T04:23:51.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2021-02-27T06:02:33.000Z (over 3 years ago)
- Last Synced: 2024-10-20T06:32:31.402Z (about 1 month ago)
- Language: Java
- Size: 938 KB
- Stars: 1
- Watchers: 2
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# 基于 BTrace 实现 Velocity 渲染 XSS 探测
* [welcome.vm](src/main/resources/templates/welcome.vm) - Velocity 模板, 包含了常用的 Case
* [WelcomeController.java](src/main/java/sample/web/velocity/WelcomeController.java) - 请求处理逻辑, 可调整 model 数据
* [XSS.java](/src/main/btrace/XSS.java) - BTrace 探测脚本, 可增加检测规则
## 启动服务
```
mvn clean spring-boot:run
```
## 点击
观察日志输出, 会有脚本探测到的渲染内容:
```
Render $head -> Change me
Render $bean.text -> hey
Render $i -> 1
Render $k -> sh
Render $k -> sh
Render $bean.map.get($k) -> it
```
## References
*