Last active
August 29, 2015 14:03
-
-
Save yeukhon/68d807f2407c6306823e to your computer and use it in GitHub Desktop.
I tried setting onAlert and nothing.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <script> | |
| alert('xss'); | |
| </script> | |
| </body> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <p>Nothing</p> | |
| </body> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Requires phantom-node integration | |
| // usage: nodejs bad.js | |
| var Q = require("q"); | |
| var FS = require("fs"); | |
| var phantom = require("phantom"); | |
| function WebPageError(url) { | |
| this.name = "WebPageError"; | |
| this.message = "Unable to open web page at " + url; | |
| }; | |
| WebPageError.prototype = Error.prototype; | |
| var XssTester = function() { | |
| this.openPage = function (ph, filename) { | |
| ph.createPage(function (page) { | |
| page.onAlert = function (msg) { | |
| console.log("Caught an alert: " + msg); | |
| }; | |
| var df = Q.defer(); | |
| page.open('http://localhost:8000/' + filename, function (status) { | |
| //df.resolve({page: page, status: page}); | |
| if (status === "success") { | |
| console.log(status); | |
| } | |
| }); | |
| return df; | |
| }); | |
| }; | |
| this.startTesting = function (filenames) { | |
| console.log(filenames); | |
| var _this = this; | |
| phantom.create(function (ph) { | |
| var promises = filenames.map(function (filename) { | |
| return _this.openPage(ph, filename); | |
| }); | |
| return Q.all(promises); | |
| }); | |
| }; | |
| this.result = []; | |
| } | |
| var tester = new XssTester(); | |
| tester.startTesting(["1.html", "2.html"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Plain phantomjs code | |
| // usage: phamtonjs good.js | |
| var webpage = require('webpage'), | |
| system = require('system'), | |
| address; | |
| var openPage = function (filename) { | |
| page = webpage.create(); | |
| page.onAlert = function (msg) { | |
| console.log("Received an alert: " + msg); | |
| }; | |
| page.onConfirm = function (msg) { | |
| console.log("Received a confirm dialog: " + msg); | |
| return true; | |
| }; | |
| page.open(filename, function (status) { | |
| console.log(status); | |
| }); | |
| }; | |
| var filenames = ["1.html", "2.html"]; | |
| var promises = filenames.map(function (filename) { | |
| return openPage(filename); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment