Application can render javascript on pages that make use of javascript and include XSS vulnerabilites

core/requester.py

@@ -1,12 +1,14 @@
 import random
 import requests
+from requests_html import HTMLSession
 import time
 from urllib3.exceptions import ProtocolError
 import warnings
 
 import core.config
 from core.utils import converter, getVar
 from core.log import setup_logger
+from core.types import CustomResponse
 
 logger = setup_logger(__name__)
 
@@ -33,17 +35,34 @@ def requester(url, data, headers, GET, delay, timeout):
     logger.debug_json('Requester data:', data)
     logger.debug_json('Requester headers:', headers)
     try:
-        if GET:
-            response = requests.get(url, params=data, headers=headers,
-                                    timeout=timeout, verify=False, proxies=core.config.proxies)
-        elif getVar('jsonData'):
-            response = requests.post(url, json=data, headers=headers,
-                                    timeout=timeout, verify=False, proxies=core.config.proxies)
+        if core.config.globalVariables["js"]: # if js argument specified, render javascript
+            session = HTMLSession() # start the session
+            if GET:
+                response = session.get(url, params=data, headers=headers,
+                                        timeout=timeout, verify=False, proxies=core.config.proxies)
+                response.html.render() # render js
+            elif getVar('jsonData'):
+                response = session.post(url, json=data, headers=headers,
+                                        timeout=timeout, verify=False, proxies=core.config.proxies)
+                response.html.render()
+            else:
+                response = session.post(url, data=data, headers=headers,
+                                        timeout=timeout, verify=False, proxies=core.config.proxies)
+                response.html.render()
+            session.close() # close the response
+            return CustomResponse(response.html.html) # return only the html(which is needed for outer scope) with a custom type
         else:
-            response = requests.post(url, data=data, headers=headers,
-                                     timeout=timeout, verify=False, proxies=core.config.proxies)
-        return response
+            if GET:
+                response = requests.get(url, params=data, headers=headers,
+                                        timeout=timeout, verify=False, proxies=core.config.proxies)
+            elif getVar('jsonData'):
+                response = requests.post(url, json=data, headers=headers,
+                                        timeout=timeout, verify=False, proxies=core.config.proxies)
+            else:
+                response = requests.post(url, data=data, headers=headers,
+                                        timeout=timeout, verify=False, proxies=core.config.proxies)
+            return response
     except ProtocolError:
         logger.warning('WAF is dropping suspicious requests.')
         logger.warning('Scanning will continue after 10 minutes.')
-        time.sleep(600)
+        time.sleep(600)

core/types.py

@@ -0,0 +1,8 @@
+
+# This file is made to add new types to the project.
+
+
+# This class is used by requester function in requester.py to return only the html for use of in other functions.
+class CustomResponse: 
+    def __init__(self, html):
+        self.text = html

xsstrike.py

@@ -79,11 +79,13 @@
                     choices=core.log.log_config.keys(), default=None)
 parser.add_argument('--log-file', help='Name of the file to log', dest='log_file',
                     default=core.log.log_file)
+parser.add_argument('--js', '--javascript', help='render javascript', dest='js', action='store_true')
 args = parser.parse_args()
 
 # Pull all parameter values of dict from argparse namespace into local variables of name == key
 # The following works, but the static checkers are too static ;-) locals().update(vars(args))
 target = args.target
+js = args.js
 path = args.path
 jsonData = args.jsonData
 paramData = args.paramData