0xinfection / xsrfprobe
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
License: GNU General Public License v3.0
No console output after running in Windows 10 x64 2004 cmd window with Python 3.7.8.
pip3 install xsrfprobe
C:\Python37\python C:\Python37\Lib\site-packages\xsrfprobe\xsrfprobe.py --help
py -3 xsrfprobe.py --help
python xsrfprobe.py --help
python3 xsrfprobe.py --help
None
Googling suggests setting Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\InheritConsoleHandles to 0, 1 or deleting the key, but this doesn't help.
Hi again,
Thank you again for your awesome work. However, it is a bit crappy for XSRFProbe to scan the whole website and crawl and submit tokens/forms and other stuff. But it would be good if we could supply a URL and make XSRFProbe test the endpoint exclusively for CSRF vulnerabilities.
pip install went right, after that I got the following error:
[!] Testing site www.google.nl status...
[+] Site seems to be up!
[-] Exception Caught: list index out of range
xsrfprobe -u https://www.google.nl (and some variations)
This is a UnicodeEncodeError bug caused due to improper usage of unicode and ascii characters.
$ python3 xsrfprobe.py -u http://xxxxxxx.xxx/csrf/
_____ _____ _____ _____ _____
__|__ |_ __|___ |_ __|___ |_ _|____ |_ _|____ |_ _____ _____ ______ ______
\ ` / || ___| || _ _| || ___| | | _ | || _ ,' / \| _ )| ___|
> < | `-.`-. || \ || ___| | | __| || \ | - || |_ { | ___|
Traceback (most recent call last):
File "xsrfprobe.py", line 13, in <module>
main.Engine() # start the Scanner Engine ;)
File "C:\Users\user\Videos\Captures\xsrfprobe\core\main.py", line 68, in Engine
banner() # Print the banner
File "C:\Users\user\Videos\Captures\xsrfprobe\core\banner.py", line 29, in banner
print(color.RED+' /__/__\ '+color.ORANGE+'_|'+color.RED+'|______| '+color.ORANGE+'_|'+color.RED+'|__|\__\ '+color.ORANGE+' _|'+color.RED+'|___| '+color.ORANGE+' _|'+color.RED+' |___| '+color.ORANGE+' _|'+color.RED+'|__|\__\\uff3c____/|______)|______| ')
File "C:\Python37\lib\encodings\cp1252.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_table)[0]
UnicodeEncodeError: 'charmap' codec can't encode character '\uff3c' in position 68: character maps to <undefined>
Use only ASCII characters. I'll help you out with a PR.
When using --exclude command the tool breaks
xsrfprobe -u "http://192.168.1.1/cgi-bin/luci/admin/status" --cookie "sysauth=a0ab02bc860607be5aa506752c1aaf05" --crawl -d 10 -t 10 -E logout/
Traceback (most recent call last):
File "/usr/local/bin/xsrfprobe", line 4, in <module>
__import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 667, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1470, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/xsrfprobe.py", line 13, in startEngine
File "", line 991, in _find_and_load
File "", line 975, in _find_and_load_unlocked
File "", line 655, in _load_unlocked
File "", line 618, in _load_backward_compatible
File "", line 259, in load_module
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/main.py", line 34, in
File "", line 991, in _find_and_load
File "", line 975, in _find_and_load_unlocked
File "", line 655, in _load_unlocked
File "", line 618, in _load_backward_compatible
File "", line 259, in load_module
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/options.py", line 148, in
AttributeError: 'list' object has no attribute 'strip'
Tested in websites with 100% CSRF vuln.
Can you please provide website where it gives positive result?
When a site does not set cookies, XSRFProbe stops execution due to absence of missing cookies which return Nonetype
thus causing a raw unhandled exception out of the blue.
python3 xsrfprobe.py -u http://hack-yourself-first.com/Account/changePassword
Traceback (most recent call last):
File "xsrfprobe.py", line 15, in <module>
main.Engine() # start the Scanner Engine ;)
File "C:\Users\user\Videos\xsrfprobe\xsrfprobe\core\main.py", line 143, in Engine
Cookie(url, r1)
File "C:\Users\user\Videos\xsrfprobe\xsrfprobe\modules\Cookie.py", line 33, in Cookie
Persistence(url, request)
File "C:\Users\user\Videos\xsrfprobe\xsrfprobe\modules\Persistence.py", line 122, in Persistence
VulnLogger(url, 'Persistent Session Cookies Found.', '[i] Cookie: '+req.headers.get('Set-Cookie'))
TypeError: can only concatenate str (not "NoneType") to str
Maybe handling the error properly?
can you please demonstrate how to install it
The bug concerned here is when using IP address instead of a domain, the program won't start and would bug out with the error tld.exceptions.TldDomainNotFound.
python3 xsrfprobe.py -u http://192.168.43.182/dvwa/vulnerabilities/csrf -c "PHPSESSID=dece0c0"
Traceback (most recent call last):
File "xsrfprobe.py", line 12, in <module>
from core import main # import stuff
File "C:\Users\user\Videos\xsrfprobe\core\main.py", line 33, in <module>
from core.options import *
File "C:\Users\user\Videos\xsrfprobe\core\options.py", line 162, in <module>
os.makedirs('output/'+tld.get_fld(config.SITE_URL))
File "C:\Python37\lib\site-packages\tld\utils.py", line 387, in get_fld
search_private=search_private
File "C:\Python37\lib\site-packages\tld\utils.py", line 339, in process_url
raise TldDomainNotFound(domain_name=domain_name)
tld.exceptions.TldDomainNotFound: Domain 192.168.43.182 didn't match any existing TLD name!
Catching the exception and handling the error as an IP address would resolve the issue.
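One way to handle IP-literal targets before the `tld` lookup is ever reached, as an added example that is not XSRFProbe's code. `host_of`, `output_label` and the `domain_lookup` parameter are hypothetical names; the default lookup assumes the third-party `tld` package and its `get_fld(..., fail_silently=True)` call.

```python
import ipaddress
from urllib.parse import urlsplit


def host_of(url):
    """Extract the host from a URL, tolerating a missing scheme."""
    parts = urlsplit(url if "//" in url else "//" + url)
    if not parts.hostname:
        raise ValueError("no host in URL: %r" % url)
    return parts.hostname


def output_label(url, domain_lookup=None):
    """Return a name for the per-target output directory.

    IP literals are recognised with the standard library first, so the
    public-suffix lookup is only asked about real host names.
    """
    host = host_of(url)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # ':' in IPv6 literals is not a valid file-name character on Windows.
        return ip.compressed.replace(":", "-")

    if domain_lookup is None:
        # Assumption: the tld package is installed; imported lazily so that
        # IP targets never depend on it.
        from tld import get_fld

        def domain_lookup(u):
            return get_fld(u, fail_silently=True)

    # Hosts with no public suffix (localhost, internal names) fall back
    # to the raw host instead of raising.
    label = domain_lookup(url) or host

    # The label becomes part of a path built from user input, so refuse
    # anything that could step outside the output directory.
    if label in (".", "..") or "/" in label or "\\" in label:
        raise ValueError("unsafe output label: %r" % label)
    return label
```
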
Traceback (most recent call last):
File "/home/Username/.local/bin/xsrfprobe", line 15, in <module>
xsrfprobe.startEngine()
File "/home/Username/.local/lib/python2.7/site-packages/xsrfprobe/xsrfprobe.py", line 13, in startEngine
from xsrfprobe.core import main # import stuff
ImportError: No module named core
Please Help in solving this issue
Connection Aborted/ Connection Refused.
It can be reproduced by any command when site is un-responsive.
[!] Testing site example.com status...
[+] Site seems to be up!
[!] Testing endpoint status...
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 171, in _new_conn
(self._dns_host, self.port), self.timeout, **extra_kw)
File "/usr/local/lib/python3.6/dist-packages/urllib3/util/connection.py", line 79, in create_connection
raise err
File "/usr/local/lib/python3.6/dist-packages/urllib3/util/connection.py", line 69, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3.6/http/client.py", line 1239, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1285, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1234, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1026, in _send_output
self.send(msg)
File "/usr/lib/python3.6/http/client.py", line 964, in send
self.connect()
File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 196, in connect
conn = self._new_conn()
File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 180, in _new_conn
self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f6ed533f6d8>: Failed to establish a new connection: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python3.6/dist-packages/urllib3/util/retry.py", line 398, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f6ed533f6d8>: Failed to establish a new connection: [Errno 111] Connection refused',))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/root/PenTest/Audit/XSRFProbe/core/inputin.py", line 40, in inputin
requests.get(web)
File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='example.com', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f6ed533f6d8>: Failed to establish a new connection: [Errno 111] Connection refused',))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "xsrfprobe.py", line 13, in <module>
main.Engine() # start the Scanner Engine ;)
File "/root/PenTest/Audit/XSRFProbe/core/main.py", line 70, in Engine
web, fld = inputin() # Take the input
File "/root/PenTest/Audit/XSRFProbe/core/inputin.py", line 52, in inputin
verbout(R, 'Connection Aborted : '+main_url)
NameError: name 'main_url' is not defined
PR #21 fixes it.
The site is unresponsive, however the bug should be handled properly which it isn't. So this is a bug as pointed out by @sumgro in #17.
[+] Crawling :> http://www.xxxxx.xx.xxx.xx/xxx.pdf
Traceback (most recent call last):
File "xsrfprobe.py", line 14, in <module>
xsrf_main() # the true start of the program ;)
File "/home/opabravo/sec/XSRFProbe/core/xsrf_main.py", line 57, in xsrf_main
soup=crawler.process(web) # start the parser
File "/home/opabravo/sec/XSRFProbe/modules/Crawler_Handler.py", line 53, in process
query = self.opener.open(url) # open it
File "/usr/lib/python3.5/urllib/request.py", line 466, in open
response = self._open(req, data)
File "/usr/lib/python3.5/urllib/request.py", line 484, in _open
'_open', req)
File "/usr/lib/python3.5/urllib/request.py", line 444, in _call_chain
result = func(*args)
File "/usr/lib/python3.5/urllib/request.py", line 1282, in http_open
return self.do_open(http.client.HTTPConnection, req)
File "/usr/lib/python3.5/urllib/request.py", line 1254, in do_open
h.request(req.get_method(), req.selector, req.data, headers)
File "/usr/lib/python3.5/http/client.py", line 1107, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python3.5/http/client.py", line 1142, in _send_request
self.putrequest(method, url, **skips)
File "/usr/lib/python3.5/http/client.py", line 984, in putrequest
self._output(request.encode('ascii'))
UnicodeEncodeError: 'ascii' codec can't encode characters in position 17-22: ordinal not in range(128)
Cookies not working properly due to wrong code implementation.
xsrfprobe -u host.com -c '_gh_sess=5416546f5g4df65g4df5g46df54gv56c465, a=abbb5656ba'
Fixing function in options.py#L114
There are a couple of requests in the core/main.py(86:87) that are issued before parameters processing, thus provided cookies and headers are not applied to them that can cause httperror exceptions (401 in my case).
xsrfprobe --no-verify -vv --malicious --cookie 'session=gGYCowmFLMcxL1dnloxmiVqN7qO5ILak' -u https://ac171f651e1e1a0e80c94df100620040.web-security-academy.net/email
[!] Testing site ac171f651e1e1a0e80c94df100620040.web-security-academy.net status...
[+] Site seems to be up!
[!] Testing email endpoint status...
[+] Endpoint seems to be up!
Traceback (most recent call last):
File "/usr/local/bin/xsrfprobe", line 4, in <module>
__import__('pkg_resources').run_script('xsrfprobe==2.2.0', 'xsrfprobe')
File "/usr/local/lib/python3.7/dist-packages/pkg_resources/__init__.py", line 666, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/local/lib/python3.7/dist-packages/pkg_resources/__init__.py", line 1469, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python3.7/dist-packages/xsrfprobe-2.2.0-py3.7.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
File "/usr/local/lib/python3.7/dist-packages/xsrfprobe-2.2.0-py3.7.egg/xsrfprobe/xsrfprobe.py", line 14, in startEngine
File "/usr/local/lib/python3.7/dist-packages/xsrfprobe-2.2.0-py3.7.egg/xsrfprobe/core/main.py", line 90, in Engine
File "/usr/lib/python3.7/urllib/request.py", line 531, in open
response = meth(req, response)
File "/usr/lib/python3.7/urllib/request.py", line 641, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib/python3.7/urllib/request.py", line 569, in error
return self._call_chain(*args)
File "/usr/lib/python3.7/urllib/request.py", line 503, in _call_chain
result = func(*args)
File "/usr/lib/python3.7/urllib/request.py", line 649, in http_error_default
raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 401: Unauthorized
Add headers and cookies to first requests.
hdrs = [('Cookie', ','.join(cookie for cookie in config.COOKIE_VALUE))]
[hdrs.append((k, v)) for k, v in config.HEADER_VALUES.items()]
resp1.addheaders = resp2.addheaders = hdrs;
resp1.open(init1) # Makes request as User2
resp2.open(init1) # Make request as User1
how to run this tool
UnboundLocalError
xsrfprobe --malicious
Traceback (most recent call last):
File "/usr/local/bin/xsrfprobe", line 15, in <module>
xsrfprobe.startEngine()
File "/usr/local/lib/python3.9/site-packages/xsrfprobe/xsrfprobe.py", line 14, in startEngine
main.Engine() # start the Scanner Engine ;)
File "/usr/local/lib/python3.9/site-packages/xsrfprobe/core/main.py", line 71, in Engine
web, fld = inputin() # Take the input
File "/usr/local/lib/python3.9/site-packages/xsrfprobe/core/inputin.py", line 30, in inputin
if 'http' not in web: # add protocol to site
UnboundLocalError: local variable 'web' referenced before assignment
Darwin myyagis 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:07:06 PST 2021; root:xnu-7195.81.3~1/RELEASE_X86_64 x86_64
python 3.9.7
While scanning a page, on Origin based request validation part it encounters an error while crafting inputs as form type.
xsrfprobe -u http://192.168.1.1/cgi-bin/luci/admin/ -c "sysauth=2065fe79a5b0a8ff9712cec650edd834" --crawl -v -t 10 -d 10 -o AnotherTest
File "/usr/local/bin/xsrfprobe", line 4, in <module>
__import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 667, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1471, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/xsrfprobe.py", line 14, in startEngine
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/main.py", line 96, in Engine
File "/usr/lib/python3.8/urllib/request.py", line 531, in open
response = meth(req, response)
File "/usr/lib/python3.8/urllib/request.py", line 640, in http_response
response = self.parent.error(
File "/usr/lib/python3.8/urllib/request.py", line 563, in error
result = self._call_chain(*args)
File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
result = func(*args)
File "/usr/lib/python3.8/urllib/request.py", line 755, in http_error_302
return self.parent.open(new, timeout=req.timeout)
File "/usr/lib/python3.8/urllib/request.py", line 531, in open
response = meth(req, response)
File "/usr/lib/python3.8/urllib/request.py", line 640, in http_response
response = self.parent.error(
File "/usr/lib/python3.8/urllib/request.py", line 569, in error
return self._call_chain(*args)
File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
result = func(*args)
File "/usr/lib/python3.8/urllib/request.py", line 649, in http_error_default
raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 429: Too Many Requests
When the tool is run on windows based systems, the output printed on terminal is uneven and improper without any proper hashmarks.
No specific command. Reproducible on any command on windows based systems.
Proceeding to test cookie persistence on POST Requests...
No persistent session cookies identified upon POST Requests!
[+] Endpoint might be NOT VULNERABLE to CSRF attacks!
[+] Detected : No Persistent Cookies
Proceeding to test cookie persistence via User-Agent Alteration...
Setting custom generic headers...
Using User-Agent : Chrome on Windows 8.1
Value : Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Processing the GET Request...
It can be easily solved by escaping the ANSI sequences with null. PR #23 fixes it. :)
Neh.
The --no-verify option is not checked when making requests in the core/main.py and in the core/inputin.py
requests.get(web)
First, I proxied the terminal through the ZAP proxy
export https_proxy="http://localhost:8082"
Then run
xsrfprobe --no-verify -vv --malicious --cookie 'session=gGYCowmFLMcxL1dnloxmiVqN7qO5ILak' -u https://ac171f651e1e1a0e80c94df100620040.web-security-academy.net/email
Traceback (most recent call last):
File "/usr/lib/python3.7/urllib/request.py", line 1317, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "/usr/lib/python3.7/http/client.py", line 1252, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.7/http/client.py", line 1298, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.7/http/client.py", line 1247, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.7/http/client.py", line 1026, in _send_output
self.send(msg)
File "/usr/lib/python3.7/http/client.py", line 966, in send
self.connect()
File "/usr/lib/python3.7/http/client.py", line 1422, in connect
server_hostname=server_hostname)
File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/lib/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "./start.py", line 15, in <module>
xsrfprobe.startEngine()
File "/home/nyzen/tools/XSRFProbe/xsrfprobe/xsrfprobe.py", line 14, in startEngine
main.Engine() # start the Scanner Engine ;)
File "/home/nyzen/tools/XSRFProbe/xsrfprobe/core/main.py", line 98, in Engine
resp2.open(init1) # Make request as User1
File "/usr/lib/python3.7/urllib/request.py", line 525, in open
response = self._open(req, data)
File "/usr/lib/python3.7/urllib/request.py", line 543, in _open
'_open', req)
File "/usr/lib/python3.7/urllib/request.py", line 503, in _call_chain
result = func(*args)
File "/usr/lib/python3.7/urllib/request.py", line 1360, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib/python3.7/urllib/request.py", line 1319, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)>
Inputin.py should be easy:
requests.get(web, verify=VERIFY_CERT)
main.py is more difficult. I did not come up with something short and graceful so far
Cookie0 = http.cookiejar.CookieJar() # First as User1
Cookie1 = http.cookiejar.CookieJar() # Then as User2
if not config.VERIFY_CERT:
    context = ssl._create_unverified_context()
    sslHandler = urllib.request.HTTPSHandler(context=context)
    resp1 = build_opener(HTTPCookieProcessor(Cookie0), sslHandler)
    resp2 = build_opener(HTTPCookieProcessor(Cookie1), sslHandler)
    # resp1.add_handler(sslHandler) -----> this won't work unfortunately, because there will be multiple HTTPSHandlers
    # resp2.add_handler(sslHandler)
else:
    resp1 = build_opener(HTTPCookieProcessor(Cookie0))
    resp2 = build_opener(HTTPCookieProcessor(Cookie1))
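The two reports above (cookies and headers missing from the first requests, and `--no-verify` not reaching the `urllib` openers) can both be covered by building each opener from one shared TLS context and one header list. This is an added example, not XSRFProbe's code: `build_tls_context`, `request_headers`, `make_opener` and `make_session_pair` are hypothetical names, and `verify_cert` stands in for the project's `config.VERIFY_CERT`.

```python
import http.cookiejar
import ssl
import urllib.request


def build_tls_context(verify_cert=True):
    """One TLS context shared by every HTTPS request of a scan."""
    ctx = ssl.create_default_context()  # chain and hostname checks on
    if not verify_cert:
        # Explicit opt-out for lab targets and intercepting proxies only.
        # check_hostname must be cleared before verify_mode, otherwise
        # assigning CERT_NONE raises ValueError.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def request_headers(cookies, headers=None):
    """Header list in the (name, value) form OpenerDirector.addheaders uses.

    Cookie pairs are joined with '; ', the separator RFC 6265 defines for
    the Cookie request header.
    """
    hdrs = []
    if cookies:
        hdrs.append(("Cookie", "; ".join(c.strip() for c in cookies)))
    hdrs.extend((name, value) for name, value in (headers or {}).items())
    return hdrs


def make_opener(ctx, hdrs):
    """Opener with its own cookie jar, the shared context and the headers."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(jar),
        # An HTTPSHandler instance passed here replaces build_opener's
        # default one, so no second handler ignores the chosen context.
        urllib.request.HTTPSHandler(context=ctx),
    )
    # Set before the first open() so the initial requests are authenticated.
    opener.addheaders = list(hdrs)
    return opener, jar


def make_session_pair(verify_cert, cookies=(), headers=None):
    """Two independent sessions (User1, User2) with identical settings."""
    ctx = build_tls_context(verify_cert)
    hdrs = request_headers(cookies, headers)
    return make_opener(ctx, hdrs), make_opener(ctx, hdrs)
```

Because the context is created in one place, a run without the opt-out keeps full certificate and hostname verification on every request, and there is no second code path to keep in sync.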
Hi,
I'm trying to test my webapp in the dev environment (with a self signed certificate) and I get the following crash:
Traceback (most recent call last):
File "/usr/lib/python3.6/urllib/request.py", line 1318, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "/usr/lib/python3.6/http/client.py", line 1254, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1300, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1249, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1036, in _send_output
self.send(msg)
File "/usr/lib/python3.6/http/client.py", line 974, in send
self.connect()
File "/usr/lib/python3.6/http/client.py", line 1415, in connect
server_hostname=server_hostname)
File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "/usr/lib/python3.6/ssl.py", line 817, in __init__
self.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/xsrfprobe", line 4, in <module>
__import__('pkg_resources').run_script('xsrfprobe==2.1.1', 'xsrfprobe')
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 658, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1445, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python3.6/dist-packages/xsrfprobe-2.1.1-py3.6.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
File "/usr/local/lib/python3.6/dist-packages/xsrfprobe-2.1.1-py3.6.egg/xsrfprobe/xsrfprobe.py", line 14, in startEngine
File "/usr/local/lib/python3.6/dist-packages/xsrfprobe-2.1.1-py3.6.egg/xsrfprobe/core/main.py", line 86, in Engine
File "/usr/lib/python3.6/urllib/request.py", line 526, in open
response = self._open(req, data)
File "/usr/lib/python3.6/urllib/request.py", line 544, in _open
'_open', req)
File "/usr/lib/python3.6/urllib/request.py", line 504, in _call_chain
result = func(*args)
File "/usr/lib/python3.6/urllib/request.py", line 1361, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib/python3.6/urllib/request.py", line 1320, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)>
Thank you for your hard work.
Best wishes.
There is a bug where the timeout exception is not being handled properly. An unresponsive site with default timeout 7s gives this error.
python3 xsrfprobe.py -u http://xxxxxxxxx.xx/csrf --display --malicious --max-chars 4
Traceback (most recent call last):
File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 384, in _make_request
six.raise_from(e, None)
File "<string>", line 2, in raise_from
File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 380, in _make_request
httplib_response = conn.getresponse()
File "C:\Python37\lib\http\client.py", line 1321, in getresponse
response.begin()
File "C:\Python37\lib\http\client.py", line 296, in begin
version, status, reason = self._read_status()
File "C:\Python37\lib\http\client.py", line 257, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "C:\Python37\lib\socket.py", line 589, in readinto
return self._sock.recv_into(b)
socket.timeout: timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Python37\lib\site-packages\requests\adapters.py", line 449, in send
timeout=timeout
File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "C:\Python37\lib\site-packages\urllib3\util\retry.py", line 367, in increment
raise six.reraise(type(error), error, _stacktrace)
File "C:\Python37\lib\site-packages\urllib3\packages\six.py", line 686, in reraise
raise value
File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 600, in urlopen
chunked=chunked)
File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 386, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 306, in _raise_timeout
raise ReadTimeoutError(self, url, "Read timed out. (read timeout=%s)" % timeout_value)
urllib3.exceptions.ReadTimeoutError: HTTPConnectionPool(host='www.hemsheela.in', port=80): Read timed out. (read timeout=7)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\user\Videos\xsrfprobe\core\request.py", line 79, in Get
req = requests.get(url, headers=headers, timeout=TIMEOUT_VALUE, stream=False)
File "C:\Python37\lib\site-packages\requests\api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "C:\Python37\lib\site-packages\requests\api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Python37\lib\site-packages\requests\sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "C:\Python37\lib\site-packages\requests\sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "C:\Python37\lib\site-packages\requests\adapters.py", line 529, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPConnectionPool(host='www.hemsheela.in', port=80): Read timed out. (read timeout=7)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "xsrfprobe.py", line 13, in <module>
main.Engine() # start the Scanner Engine ;)
File "C:\Users\user\Videos\xsrfprobe\core\main.py", line 192, in Engine
soup = crawler.process(fld) # Start the parser
File "C:\Users\user\Videos\xsrfprobe\modules\Crawler.py", line 65, in process
query = Get(url) # Open it (to check if it exists)
File "C:\Users\user\Videos\xsrfprobe\core\request.py", line 100, in Get
ErrorLogger(main_url, e.__str__())
NameError: name 'main_url' is not defined
Proper handling of the requests.exceptions.ReadTimeout along with proper naming of variable main_url will solve it.
I'll make a PR for this. :)
Cannot start the tool after installing with pip3: /usr/bin/env: ‘python3\r’: No such file or directory. I have installed pip through the get-pip.py, not repository.
For some reason /usr/local/bin/xsrfprobe is formatted as Windows file.
xsrfprobe
Traceback (most recent call last):
File "/PEDRO/XSRFProbe/core/inputin.py", line 36, in inputin
print(O+'Testing '+color.CYAN+web.split('//')[1].split('/', 1)[1]+color.END+' endpoint status...')
IndexError: list index out of range
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "xsrfprobe.py", line 13, in <module>
main.Engine() # start the Scanner Engine ;)
File "/PEDRO/XSRFProbe/core/main.py", line 70, in Engine
web, fld = inputin() # Take the input
File "/PEDRO/XSRFProbe/core/inputin.py", line 53, in inputin
verbout(R, "Exception Caught: "+e.__str__())
NameError: name 'verbout' is not defined
I have to make a request to a site that only allows POST requests and your scanner takes me as an invalid website for testing.
I want to try XSRFProbe. I installed all dependencies but something happened: XSRFProbe won't run, error code DeprecationWarning: pkg_resources is deprecated as an API
running install
/usr/local/lib/python3.11/dist-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!
********************************************************************************
Please avoid running ``setup.py`` directly.
Instead, use pypa/build, pypa/installer or other
standards-based tools.
See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
********************************************************************************
!!
self.initialize_options()
/usr/local/lib/python3.11/dist-packages/setuptools/_distutils/cmd.py:66: EasyInstallDeprecationWarning: easy_install command is deprecated.
!!
********************************************************************************
Please avoid running ``setup.py`` and ``easy_install``.
Instead, use pypa/build, pypa/installer or other
standards-based tools.
See https://github.com/pypa/setuptools/issues/917 for details.
********************************************************************************
!!
self.initialize_options()
running bdist_egg
running egg_info
creating xsrfprobe.egg-info
writing xsrfprobe.egg-info/PKG-INFO
writing dependency_links to xsrfprobe.egg-info/dependency_links.txt
writing requirements to xsrfprobe.egg-info/requires.txt
writing top-level names to xsrfprobe.egg-info/top_level.txt
writing manifest file 'xsrfprobe.egg-info/SOURCES.txt'
reading manifest file 'xsrfprobe.egg-info/SOURCES.txt'
adding license file 'LICENSE'
writing manifest file 'xsrfprobe.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build
creating build/lib
creating build/lib/xsrfprobe
copying xsrfprobe/__init__.py -> build/lib/xsrfprobe
copying xsrfprobe/xsrfprobe.py -> build/lib/xsrfprobe
creating build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Checkpost.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Generator.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Parser.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Encoding.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Analysis.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Tamper.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/__init__.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Cookie.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Crawler.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Origin.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Referer.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Persistence.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Token.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Debugger.py -> build/lib/xsrfprobe/modules
copying xsrfprobe/modules/Entropy.py -> build/lib/xsrfprobe/modules
creating build/lib/xsrfprobe/core
copying xsrfprobe/core/updater.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/__init__.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/request.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/verbout.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/randua.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/inputin.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/logger.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/options.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/colors.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/forms.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/prettify.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/main.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/banner.py -> build/lib/xsrfprobe/core
copying xsrfprobe/core/utils.py -> build/lib/xsrfprobe/core
creating build/lib/xsrfprobe/files
copying xsrfprobe/files/discovered.py -> build/lib/xsrfprobe/files
copying xsrfprobe/files/config.py -> build/lib/xsrfprobe/files
copying xsrfprobe/files/__init__.py -> build/lib/xsrfprobe/files
copying xsrfprobe/files/paramlist.py -> build/lib/xsrfprobe/files
copying xsrfprobe/files/dcodelist.py -> build/lib/xsrfprobe/files
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/xsrfprobe
creating build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Checkpost.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Generator.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Parser.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Encoding.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Analysis.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Tamper.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/__init__.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Cookie.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Crawler.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Origin.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Referer.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Persistence.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Token.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Debugger.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/modules/Entropy.py -> build/bdist.linux-x86_64/egg/xsrfprobe/modules
copying build/lib/xsrfprobe/__init__.py -> build/bdist.linux-x86_64/egg/xsrfprobe
creating build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/updater.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/__init__.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/request.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/verbout.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/randua.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/inputin.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/logger.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/options.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/colors.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/forms.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/prettify.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/main.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/banner.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
copying build/lib/xsrfprobe/core/utils.py -> build/bdist.linux-x86_64/egg/xsrfprobe/core
creating build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/discovered.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/config.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/__init__.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/paramlist.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/files/dcodelist.py -> build/bdist.linux-x86_64/egg/xsrfprobe/files
copying build/lib/xsrfprobe/xsrfprobe.py -> build/bdist.linux-x86_64/egg/xsrfprobe
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Checkpost.py to Checkpost.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Generator.py to Generator.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Parser.py to Parser.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Encoding.py to Encoding.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Analysis.py to Analysis.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Tamper.py to Tamper.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/__init__.py to __init__.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Cookie.py to Cookie.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Crawler.py to Crawler.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Origin.py to Origin.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Referer.py to Referer.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Persistence.py to Persistence.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Token.py to Token.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Debugger.py to Debugger.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/modules/Entropy.py to Entropy.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/__init__.py to __init__.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/updater.py to updater.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/__init__.py to __init__.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/request.py to request.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/verbout.py to verbout.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/randua.py to randua.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/inputin.py to inputin.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/logger.py to logger.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/options.py to options.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/colors.py to colors.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/forms.py to forms.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/prettify.py to prettify.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/main.py to main.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/banner.py to banner.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/core/utils.py to utils.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/discovered.py to discovered.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/config.py to config.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/__init__.py to __init__.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/paramlist.py to paramlist.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/files/dcodelist.py to dcodelist.cpython-311.pyc
byte-compiling build/bdist.linux-x86_64/egg/xsrfprobe/xsrfprobe.py to xsrfprobe.cpython-311.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
installing scripts to build/bdist.linux-x86_64/egg/EGG-INFO/scripts
running install_scripts
running build_scripts
creating build/scripts-3.11
copying and adjusting xsrfprobe/bin/xsrfprobe -> build/scripts-3.11
changing mode of build/scripts-3.11/xsrfprobe from 644 to 755
creating build/bdist.linux-x86_64/egg/EGG-INFO/scripts
copying build/scripts-3.11/xsrfprobe -> build/bdist.linux-x86_64/egg/EGG-INFO/scripts
changing mode of build/bdist.linux-x86_64/egg/EGG-INFO/scripts/xsrfprobe to 755
copying xsrfprobe.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying xsrfprobe.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying xsrfprobe.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying xsrfprobe.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying xsrfprobe.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating dist
creating 'dist/xsrfprobe-2.3.1-py3.11.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing xsrfprobe-2.3.1-py3.11.egg
Copying xsrfprobe-2.3.1-py3.11.egg to /usr/local/lib/python3.11/dist-packages
Adding xsrfprobe 2.3.1 to easy-install.pth file
Installing xsrfprobe script to /usr/local/bin
Installed /usr/local/lib/python3.11/dist-packages/xsrfprobe-2.3.1-py3.11.egg
Processing dependencies for xsrfprobe==2.3.1
Searching for yattag
Reading https://pypi.org/simple/yattag/
Downloading https://files.pythonhosted.org/packages/75/49/51045efa8c4e42831c80e0031ee4139450347e587e5cda0a731198ed6e36/yattag-1.15.2.tar.gz#sha256=aad9f540bd22dc503e5b5506cc47856facf081aa71fd35f727371b63e1e402bf
Best match: yattag 1.15.2
Processing yattag-1.15.2.tar.gz
Writing /tmp/easy_install-gxbu2wxy/yattag-1.15.2/setup.cfg
Running yattag-1.15.2/setup.py -q bdist_egg --dist-dir /tmp/easy_install-gxbu2wxy/yattag-1.15.2/egg-dist-tmp-nag2bd69
/usr/local/lib/python3.11/dist-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!
********************************************************************************
Please avoid running ``setup.py`` directly.
Instead, use pypa/build, pypa/installer or other
standards-based tools.
See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
********************************************************************************
!!
self.initialize_options()
zip_safe flag not set; analyzing archive contents...
Adding yattag 1.15.2 to easy-install.pth file
detected new path './xsrfprobe-2.3.1-py3.11.egg'
Installed /usr/local/lib/python3.11/dist-packages/yattag-1.15.2-py3.11.egg
Searching for stringdist
Reading https://pypi.org/simple/stringdist/
Downloading https://files.pythonhosted.org/packages/85/f0/c56cbe92b4b06fbc7adaa81917ad34d7027834e166fff2d2db73961c67fa/StringDist-1.0.9.tar.gz#sha256=91e6d4a348223db094d029e7e3de9ce89c561738047555dfad60ff5ccb7a5b74
Best match: StringDist 1.0.9
Processing StringDist-1.0.9.tar.gz
Writing /tmp/easy_install-435izjmw/StringDist-1.0.9/setup.cfg
Running StringDist-1.0.9/setup.py -q bdist_egg --dist-dir /tmp/easy_install-435izjmw/StringDist-1.0.9/egg-dist-tmp-8yd36azo
/usr/local/lib/python3.11/dist-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!
********************************************************************************
Please avoid running ``setup.py`` directly.
Instead, use pypa/build, pypa/installer or other
standards-based tools.
See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
********************************************************************************
!!
self.initialize_options()
zip_safe flag not set; analyzing archive contents...
__pycache__.cstringdist.cpython-311: module references __file__
Adding StringDist 1.0.9 to easy-install.pth file
detected new path './yattag-1.15.2-py3.11.egg'
Installed /usr/local/lib/python3.11/dist-packages/StringDist-1.0.9-py3.11-linux-x86_64.egg
Searching for tld==0.11.11
Best match: tld 0.11.11
Adding tld 0.11.11 to easy-install.pth file
detected new path './StringDist-1.0.9-py3.11-linux-x86_64.egg'
Using /usr/lib/python3/dist-packages
Searching for bs4==0.0.1
Best match: bs4 0.0.1
Adding bs4 0.0.1 to easy-install.pth file
Using /usr/local/lib/python3.11/dist-packages
Searching for requests==2.31.0
Best match: requests 2.31.0
Adding requests 2.31.0 to easy-install.pth file
Using /usr/lib/python3/dist-packages
Searching for beautifulsoup4==4.12.2
Best match: beautifulsoup4 4.12.2
Adding beautifulsoup4 4.12.2 to easy-install.pth file
Using /usr/lib/python3/dist-packages
Searching for soupsieve==2.5
Best match: soupsieve 2.5
Adding soupsieve 2.5 to easy-install.pth file
Using /usr/lib/python3/dist-packages
Finished processing dependencies for xsrfprobe==2.3.1
[~/Desktop/XSRFProbe]
└─$ xsrfprobe --help
/usr/local/bin/xsrfprobe:4: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
__import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
Traceback (most recent call last):
File "/usr/local/bin/xsrfprobe", line 4, in <module>
__import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
File "/home/whitedragon/.local/lib/python3.11/site-packages/pkg_resources/__init__.py", line 722, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/home/whitedragon/.local/lib/python3.11/site-packages/pkg_resources/__init__.py", line 1548, in run_script
raise ResolutionError(
pkg_resources.ResolutionError: Script 'scripts/xsrfprobe' not found in metadata at '/home/whitedragon/.local/lib/python3.11/site-packages/xsrfprobe-2.3.1.dist-info'
Sorry about my lack of English; I'm not good at the English language.
Hope you can fix this.
I am using python2.7 to run the code from the repository.
The cookie values are not accepted if given in input. If there is no value given
Enter target address :> http://xyz.in
[!] Testing site status...
[+] Site seems to be up!
[$] Got any cookies? [Enter for None] :>
Traceback (most recent call last):
File "xsrfprobe.py", line 14, in <module>
xsrf_main() # the true start of the program ;)
File "/home/XSRFProbe/core/xsrf_main.py", line 28, in xsrf_main
Cookie0 = cookielib.CookieJar() # cookies ummm...
NameError: global name 'cookielib' is not defined
Do let me know if you need additional information.
flake8 testing of https://github.com/theInfectedDrake/XSRFProbe on Python 3.7.0
$ flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics
./core/xsrf_main.py:58:47: E999 TabError: inconsistent use of tabs and spaces in indentation
soup=crawler.process(web) # start the parser
^
1 E999 TabError: inconsistent use of tabs and spaces in indentation
1
XSRFProbe has been inventoried on Rawsec's CyberSecurity Inventory.
https://inventory.rawsec.ml/tools.html#XSRFProbe
An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.
More details about features here.
Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.
Mainly because this gives visibility to your tool and improves its referencing.
The badge shows your community that you are inventoried. It looks good but also shows you care about your project, that your tool is referenced.
Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that, but there are several styles available.
If you want to thank us, you can help make our open project better known by tweeting about it! For example:
That's all, this message is just to notify you if you care. Else you can close this issue.
While trying to scan a website on my local machine http://127.0.0.1:3000 the tool does not seem to work, it displays to me an error that says " Domain 127.0.0.1 didn't match any existing TLD name!".
I have tried two commands:
sudo xsrfprobe -u http://127.0.0.1:3000
sudo xsrfprobe -u http://localhost:3000
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/options.py", line 170, in <module>
File "/usr/lib/python3/dist-packages/tld/utils.py", line 366, in get_fld
domain_parts, non_zero_i, parsed_url = process_url(
File "/usr/lib/python3/dist-packages/tld/utils.py", line 316, in process_url
raise TldDomainNotFound(domain_name=domain_name)
tld.exceptions.TldDomainNotFound: Domain 127.0.0.1 didn't match any existing TLD name!
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/xsrfprobe", line 4, in <module>
__import__('pkg_resources').run_script('xsrfprobe==2.3.1', 'xsrfprobe')
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 667, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1471, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/EGG-INFO/scripts/xsrfprobe", line 15, in <module>
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/xsrfprobe.py", line 13, in startEngine
File "<frozen importlib._bootstrap>", line 991, in _find_and_load
File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
File "<frozen zipimport>", line 259, in load_module
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/main.py", line 34, in <module>
File "<frozen importlib._bootstrap>", line 991, in _find_and_load
File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
File "<frozen importlib._bootstrap>", line 618, in _load_backward_compatible
File "<frozen zipimport>", line 259, in load_module
File "/usr/local/lib/python3.8/dist-packages/xsrfprobe-2.3.1-py3.8.egg/xsrfprobe/core/options.py", line 176, in <module>
AttributeError: 'NoneType' object has no attribute 'group'
Maybe add an exception to the localhost domain?
Aside from that, I would like to thank you for making such a cool tool!!!
Hello,
I was trying to run this tool into one of our web applications and got an "Exception Caught: list index out of range" result.
Our web application was installed in another PC and can be accessed using its IP via specific port.
If I include the port, the result is "Site seems to be down..." and if I exclude the port, I'll get "Exception Caught: list index out of range"
Can someone help me figure out how to use this tool effectively?
Thank you very much.
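Both this report and the `127.0.0.1:3000` report before it involve a target given as an IP address or `localhost` with a port, where a registrable-domain (TLD) lookup has nothing to match. As an added example (not XSRFProbe's own code; `parse_target` and `in_scope` are hypothetical names, and `fld_lookup` stands in for whatever registrable-domain lookup a scanner uses), this standard-library helper classifies the target first and only consults the domain lookup for real DNS names, so the crawl scope for IP and single-label hosts is an exact host-and-port match:

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_target(url):
    """Return (host, port, kind) for a scan target.

    kind is "ip" (IPv4/IPv6 literal), "single-label" (e.g. localhost)
    or "dns" (a dotted name that may have a registrable domain).
    Raises ValueError for anything that is not a usable http(s) target.
    """
    if "://" not in url:
        url = "http://" + url  # CLI input often omits the scheme
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    host = parts.hostname
    if not host:
        raise ValueError("no host in %r" % url)
    # .port raises ValueError itself when the port is not a valid number
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "dns" if "." in host.strip(".") else "single-label"
    return host, port, kind


def in_scope(target, link, fld_lookup=None):
    """Decide whether an absolute link belongs to the target's scope.

    IP and single-label targets: exact host and port only, so a scan of
    127.0.0.1:3000 never wanders to another address or service.
    DNS targets: the host itself or a subdomain of the base returned by
    fld_lookup (falling back to the exact host if the lookup fails).
    """
    t_host, t_port, t_kind = parse_target(target)
    parts = urlsplit(link)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return False  # mailto:, javascript:, relative paths, etc.
    l_host = parts.hostname
    try:
        l_port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:
        return False
    if t_kind != "dns":
        return (l_host, l_port) == (t_host, t_port)
    base = t_host
    if fld_lookup is not None:
        try:
            base = fld_lookup(t_host) or t_host
        except Exception:
            base = t_host  # lookup failure must not crash the scan
    # Require a label boundary so "evil-example.test" does not match
    return l_host == base or l_host.endswith("." + base)
```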