minor bug fixes and bump to 3.0.3

s0md3v · web-flow · commit 4ba2dfe159b7 · 2018-11-14T23:59:03.000+05:30
diff --git a/core/config.py b/core/config.py
@@ -1,4 +1,4 @@
-changes = '''detection of up to 66 WAFs'''
+changes = '''bug fixes;detection of up to 66 WAFs'''
 
 defaultEditor = 'nano'
 blindPayload = '' # your blind XSS payload
diff --git a/core/fuzzer.py b/core/fuzzer.py
@@ -40,7 +40,7 @@ def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
                 limit -= 1
                 sleep(1)
             try:
-                requests.get(url, timeout=5, headers=headers)
+                requester(url, params, headers, GET, 0, 10)
                 print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)
             except:
                 print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
diff --git a/xsstrike.py b/xsstrike.py
@@ -6,7 +6,7 @@
 
 # Just a fancy ass banner
 print('''%s
-\tXSStrike %sv3.0.2
+\tXSStrike %sv3.0.3
 %s''' % (red, white, end))
 
 try:
@@ -213,10 +213,10 @@ def singleTarget(target, paramData, verbose, encoding):
                     print ('%s Efficiency: %i' % (info, bestEfficiency))
                     print ('%s Confidence: %i' % (info, confidence))
 
-def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload):
+def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout):
     signatures = set()
     if domURL and not skipDOM:
-        response = requests.get(domURL).text
+        response = requester(domURL, {}, headers, True, delay, timeout).text
         highlighted = dom(response)
         if highlighted:
             print ('%s Potentially vulnerable objects found at %s' % (good, domURL))
@@ -316,7 +316,7 @@ def bruteforcer(target, paramData, payloadList, verbose, encoding):
         for i in range(difference):
             domURLs.append(0)
     threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
-    futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload) for form, domURL in zip(forms, domURLs))
+    futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout) for form, domURL in zip(forms, domURLs))
     for i, _ in enumerate(concurrent.futures.as_completed(futures)):
         if i + 1 == len(forms) or (i + 1) % threadCount == 0:
             print('%s Progress: %i/%i' % (info, i + 1, len(forms)), end='\r')

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-changes = '''detection of up to 66 WAFs'''`
	`1`	`+changes = '''bug fixes;detection of up to 66 WAFs'''`
`2`	`2`
`3`	`3`	`defaultEditor = 'nano'`
`4`	`4`	`blindPayload = '' # your blind XSS payload`