Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PageFunction for Apify Akamai ARL hacker tool.
async function pageFunction(context) {
const { page, request, response, log } = context;
const title = await page.title();
let vulnerableToInitialCheck = true;
let vulnerableToPayloadCheck = false;
// Initial check : response code 400
if (response.status != 400) {
vulnerableToInitialCheck = false;
}
// Initial check : response protocol HTTP/1.0
// Initial check : response header "Server: AkamaiGHost"
else if (!("server" in response.headers && response.headers["server"] == "AkamaiGHost")) {
vulnerableToInitialCheck = false;
}
// Initial check : response header "Content-Type: text/html"
else if (!("content-type" in response.headers && response.headers["content-type"] == "text/html")) {
vulnerableToInitialCheck = false;
}
// Initial check : response body contains "Invalid URL"
else if (!document.querySelector("body").innerText.includes("Invalid URL")) {
vulnerableToInitialCheck = false;
}
// Payload check : what did initial check reveal?
if (false == vulnerableToInitialCheck) {
vulnerableToPayloadCheck = false;
}
else {
// Payload check : Request to subdomain.target.com/<PAYLOAD>
// Payload check : response code 200
// Payload check : response protocol HTTP/1.0
// Payload check : response header "Server: Apache-Coyote/1.1"
// Payload check : response body contains "reallylongstringtomakethepayloadforxssmoveoutofview"
vulnerableToPayloadCheck = true;
}
return {
url: request.url,
title,
vulnerableToInitialCheck,
vulnerableToPayloadCheck
};
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment