crash.software
Projects
Pull Requests
Issues
Builds
maigret
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY maigret Commits 36ccafbb
🤬

  • Added XSS.is activation method and GET params support

  • Loading...
  • Soxoj committed 4 years ago
    36ccafbb
    1 parent 69a3d176
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■
    maigret/activation.py
    skipped 1 lines
    2 2   
    3 3  class ParsingActivator:
    4 4   @staticmethod
    5  - def twitter(site, logger):
     5 + def twitter(site, logger, cookies={}):
    6 6   headers = dict(site.headers)
    7 7   del headers['x-guest-token']
    8 8   r = requests.post(site.activation['url'], headers=headers)
    skipped 3 lines
    12 12   site.headers['x-guest-token'] = guest_token
    13 13   
    14 14   @staticmethod
    15  - def vimeo(site, logger):
     15 + def vimeo(site, logger, cookies={}):
    16 16   headers = dict(site.headers)
    17 17   if 'Authorization' in headers:
    18 18   del headers['Authorization']
    skipped 1 lines
    20 20   jwt_token = r.json()['jwt']
    21 21   site.headers['Authorization'] = 'jwt ' + jwt_token
    22 22   
     23 + @staticmethod
     24 + def xssis(site, logger, cookies={}):
     25 + if not cookies:
     26 + logger.debug('You must have cookies to activate xss.is parsing!')
     27 + return
     28 + 
     29 + headers = dict(site.headers)
     30 + post_data = {
     31 + '_xfResponseType': 'json',
     32 + '_xfToken': '1611177919,a2710362e45dad9aa1da381e21941a38'
     33 + }
     34 + headers['content-type'] = 'application/x-www-form-urlencoded; charset=UTF-8'
     35 + r = requests.post(site.activation['url'], headers=headers, cookies=cookies, data=post_data)
     36 + csrf = r.json()['csrf']
     37 + site.get_params['_xfToken'] = csrf
     38 + 
  • ■ ■ ■ ■
    maigret/maigret.py
    skipped 385 lines
    386 386   results_site['username'] = username
    387 387   results_site['parsing_enabled'] = recursive_search
    388 388   results_site['url_main'] = site.url_main
     389 + results_site['cookies'] = cookies_dict
    389 390   
    390 391   headers = {
    391 392   'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 11.1; rv:55.0) Gecko/20100101 Firefox/55.0',
    skipped 39 lines
    431 432   username=username,
    432 433   )
    433 434   
     435 + for k, v in site.get_params.items():
     436 + url_probe += f'&{k}={v}'
    434 437   
    435 438   if site.check_type == 'status_code' and site.request_head_only:
    436 439   # In most cases when we are detecting by status code,
    skipped 220 lines
    657 660   parser.add_argument("--json", "-j", metavar="JSON_FILE",
    658 661   dest="json_file", default=None,
    659 662   help="Load data from a JSON file or an online, valid, JSON file.")
    660  - parser.add_argument("--cookie", metavar="COOKIE_FILE",
     663 + parser.add_argument("--cookies-jar-file", metavar="COOKIE_FILE",
    661 664   dest="cookie_file", default=None,
    662 665   help="File with cookies.")
    663 666   parser.add_argument("--timeout",
    skipped 291 lines
  • ■ ■ ■ ■ ■
    maigret/resources/data.json
    skipped 1587 lines
    1588 1588   "usernameUnclaimed": "noonewouldeverusethis7"
    1589 1589   },
    1590 1590   "XSS.is": {
     1591 + "activation": {
     1592 + "method": "xssis",
     1593 + "marks": [
     1594 + "errorHtml"
     1595 + ],
     1596 + "url": "https://xss.is/login/keep-alive",
     1597 + "src": "csrf",
     1598 + "dst": "x-guest-token"
     1599 + },
    1591 1600   "checkType": "status_code",
    1592  - "url": "https://xss.is/index.php?members/find&q={username}&_xfToken=1611176826%2Ce821e74f39e8436e2b599758f6fa5387&_xfRequestUri=%2Fmembers%2F%3Fkey%3Dmost_messages&_xfWithData=1&_xfResponseType=json",
     1601 + "getParams": {
     1602 + "_xfToken": "1611179947,a2710362e45dad9aa1da381e21941a38"
     1603 + },
     1604 + "url": "https://xss.is/index.php?members/find&q={username}&_xfRequestUri=%2Fmembers%2F%3Fkey%3Dmost_messages&_xfWithData=1&_xfResponseType=json",
    1593 1605   "urlMain": "https://xss.is",
    1594 1606   "usernameClaimed": "adam",
    1595 1607   "usernameUnclaimed": "noonewouldeverusethis7"
    skipped 11840 lines
    13436 13448   "sec-ch-ua": "Google Chrome\";v=\"87\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"87\"",
    13437 13449   "authorization": "Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA",
    13438 13450   "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36",
    13439  - "x-guest-token": "1350800018744160259"
     13451 + "x-guest-token": "1351631725676388352"
    13440 13452   },
    13441 13453   "errors": {
    13442 13454   "Bad guest token": "x-guest-token update required"
    skipped 9044 lines
  • ■ ■ ■ ■ ■
    maigret/sites.py
    skipped 37 lines
    38 38   self.url_probe = None
    39 39   self.check_type = ''
    40 40   self.request_head_only = ''
     41 + self.get_params = {}
    41 42   
    42 43   self.presense_strs = []
    43 44   self.absence_strs = []
    skipped 235 lines
Please wait...
Page is in error, reload to recover