xzzuf/xzzuf.py

from urllib.parse import unquote
import selenium
import time
from selenium import webdriver
from selenium.webdriver.support.ui import WebDriverWait
from urllib.parse import urlparse
from urllib.parse import urlencode

from tags import Attributes

# WAFBypass class


class WAFBypass():
    code = "window.alert_trigger = false;window.alert = function() {window.alert_trigger = true;}"

    def __init__(self, url) -> None:
        self.options = webdriver.ChromeOptions()
        self.options.add_argument('--no-sandbox')
        self.options.add_argument('--headless')
        self.driver = webdriver.Chrome(options=self.options)
        self.url = urlparse(url)

        if not self.check_connection():
            raise Exception("Connection Error")

        self.driver.execute_cdp_cmd(
            "Page.addScriptToEvaluateOnNewDocument", {"source": self.code})

    def check_connection(self):
        try:
            self.driver.get(self.url.geturl())
            return True
        except:
            return False

    def wait_for_pageload(self):
        try:
            WebDriverWait(self.driver, 4).until(
                lambda driver: driver.execute_script("return document.readyState") == "complete")
        except TimeoutError:
            raise Exception("Page Load Error")

    def get_page_title(self):
        return self.driver.title

    @property
    def is_403(self):
        return self.driver.title == "403 Forbidden"

    @property
    def triggered_xss(self):
        return self.driver.execute_script("return window.alert_trigger")

    def navigate(self, url):
        self.driver.get(url)
        self.wait_for_pageload()

        is403 = False

        if self.is_403:
            is403 = True
        else:
            is403 = False

        triggerxss = self.triggered_xss

        return (is403, triggerxss)

    def run_fuzz(self):
        try:
            for attr in Attributes:
                # print(f"[*] Testing {attr.name} attribute {attr}")
                encoded = urlencode({"param2": f"{attr}"})
                url = f"{self.url.scheme}://{self.url.netloc}/?{encoded}"
                # print(url)
                is403, trigger = self.navigate(url)
                if not is403:
                    print(f"[+] {attr.name} attribute is not filtered")
        except KeyboardInterrupt:
            self.driver.close()
            exit(0)


w = WAFBypass("http://aws-wafbypass-lb-311079289.eu-south-1.elb.amazonaws.com")
w.run_fuzz()