From 4d6dfdfe13dec0a908032ec86411ab29ad6d674a Mon Sep 17 00:00:00 2001
From: 0xInfection
Date: Wed, 29 Jan 2020 20:33:34 +0530
Subject: [PATCH 1/4] Fixed a traceback error
---
 xsrfprobe/core/main.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/xsrfprobe/core/main.py b/xsrfprobe/core/main.py
index 50f6eed..259e257 100644
--- a/xsrfprobe/core/main.py
+++ b/xsrfprobe/core/main.py
@@ -103,12 +103,12 @@ def Engine(): # lets begin it!
 # Implementing the first mode. [NO CRAWL]
 if not CRAWL_SITE:
 url = web
- response = Get(url).text
 try:
- verbout(O,'Trying to parse response...')
+ response = Get(url).text
+ verbout(O, 'Trying to parse response...')
 soup = BeautifulSoup(response) # Parser init
- except HTMLParser.HTMLParseError:
- verbout(R,'BeautifulSoup Error: '+url)
+ except AttributeError:
+ verbout(R, 'No response received, site probably down: '+url)
 i = 0 # Init user number
 if REFERER_ORIGIN_CHECKS:
 # Referer Based Checks if True...
@@ -302,7 +302,8 @@ def Engine(): # lets begin it!
 GetLogger() # The scanning has interrupted, so now we can log out all the links ;)
 sys.exit(1)
 except Exception as e:
- print('\n'+R+'Encountered an error. \n'+R+'Please view the error log files to view what went wrong.')
+ print('\n'+R+'Encountered an error. \n')
+ print(R+'Please view the error log files to view what went wrong.')
 verbout(R, e.__str__())
 ErrorLogger(url, e)
 GetLogger()
From bfa389e2c609f71078a6e617c4159573ecbaf391 Mon Sep 17 00:00:00 2001
From: 0xInfection
Date: Wed, 29 Jan 2020 20:33:55 +0530
Subject: [PATCH 2/4] Removed false positive erring token
---
 xsrfprobe/files/paramlist.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xsrfprobe/files/paramlist.py b/xsrfprobe/files/paramlist.py
index 400294a..a8d3b76 100644
--- a/xsrfprobe/files/paramlist.py
+++ b/xsrfprobe/files/paramlist.py
@@ -46,7 +46,6 @@
 'auth',
 'hash',
 'secret',
- 'timestamp',
 'verify',
 )
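Review bot: In the first `Engine()` hunk of xsrfprobe/core/main.py, the new `except AttributeError:` branch only logs and then falls through to `i = 0` and the Referer checks with `soup` and `response` never assigned, so a target that gave no response would presumably fail later with a NameError instead of stopping cleanly. The handler is also wider than its message: an AttributeError raised inside `BeautifulSoup(response)` or `verbout` would be reported as "site probably down". If `Get(url)` returns None on failure, as the message implies, testing it directly keeps the cases apart: `response = Get(url)` then `if response is None:`, logging the message and leaving the non-crawl branch before any parsing. `BeautifulSoup(response)` also names no parser, unlike the `'html.parser'` call in the Generator.py hunk, so the parse tree depends on which parsers happen to be installed. The rest of `Engine()` lies outside the hunk, so the later uses of `soup` are inferred.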
@@ -84,6 +83,7 @@
 'not valid',
 'please check your request',
 'your browser did something unexpected',
+ 'csrf'
 'clearing your cookies',
 'tampered token',
 'null',
From 4541eea11139d03f716729c40268022a61feb45f Mon Sep 17 00:00:00 2001
From: 0xInfection
Date: Wed, 29 Jan 2020 20:34:18 +0530
Subject: [PATCH 3/4] Passing url instead of m_action
---
 xsrfprobe/modules/Checkpost.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xsrfprobe/modules/Checkpost.py b/xsrfprobe/modules/Checkpost.py
index 0366773..1e4ac4f 100644
--- a/xsrfprobe/modules/Checkpost.py
+++ b/xsrfprobe/modules/Checkpost.py
@@ -78,7 +78,7 @@ def PostBased(url, r1, r2, r3, m_action, result, genpoc, form, m_name=''):
 # If --malicious has been supplied
 if GEN_MALICIOUS:
 # Generates a malicious CSRF form
- GenMalicious(m_action, genpoc.__str__())
+ GenMalicious(url, genpoc.__str__())
 else:
 # Generates a normal PoC
- GenNormalPoC(m_action, genpoc.__str__())
+ GenNormalPoC(url, genpoc.__str__())
From c723e7510644a8fdb9985a9b34daf523d258d9f7 Mon Sep 17 00:00:00 2001
From: 0xInfection
Date: Wed, 29 Jan 2020 20:34:31 +0530
Subject: [PATCH 4/4] Random changes
---
 xsrfprobe/modules/Generator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xsrfprobe/modules/Generator.py b/xsrfprobe/modules/Generator.py
index e1bc31d..b70bf64 100644
--- a/xsrfprobe/modules/Generator.py
+++ b/xsrfprobe/modules/Generator.py
@@ -47,7 +47,7 @@ def GenNormalPoC(action, fields, method='POST', encoding_type='application/x-www
 # Brand tag :p ...I guess...
 with tag('small'):
 text('(o) This form was generated by ')
- with tag('a', href='https://github.com/0xinfection/xsrfprobe'):
+ with tag('a', href='https://github.com/0xInfection/xsrfprobe'):
 text('XSRFProbe')
 text('.')
 content = BeautifulSoup(doc.getvalue(), 'html.parser')
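Review bot: The added `'csrf'` entry in the second paramlist.py hunk has no trailing comma, so Python concatenates it with the next literal and the sequence gains one element, `'csrfclearing your cookies'`, instead of two. Neither `'csrf'` nor `'clearing your cookies'` can then match on its own, so the scanner would stop recognising a rejection message it previously caught; the list's name and how it is matched are outside the hunk, so the effect on scan results is inferred. The line should read `'csrf',`. A bare `'csrf'` entry is also a very broad pattern, and whether that suits this list depends on the matching code, which the hunk does not show.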
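Review bot: Both calls in the `PostBased` hunk of Checkpost.py now ignore `m_action`, yet it remains a positional parameter of `PostBased`, and `GenNormalPoC` still names its first parameter `action` (visible in the Generator.py hunk header). If nothing earlier in the function reads `m_action` (the body starts outside the hunk), it is a dead argument that every caller must still supply. Either way, a one-line comment above the two calls stating why the page URL rather than the form's action is passed would spare the next reader from guessing. `genpoc.__str__()` on both new lines is better written `str(genpoc)`.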