MCPcopy
hub / github.com/mitmproxy/mitmproxy / test_query_injection

Function test_query_injection

examples/contrib/xss_scanner.py:173–188  ·  view source on GitHub ↗

Test the given URL for XSS via injection into URL queries and log the XSS if found

(original_body: str, request_URL: str, cookies: Cookies)

Source from the content-addressed store, hash-verified

171
172
173def test_query_injection(original_body: str, request_URL: str, cookies: Cookies):
174 """Test the given URL for XSS via injection into URL queries and
175 log the XSS if found"""
176 parsed_URL = urlparse(request_URL)
177 query_string = parsed_URL.query
178 # queries is a list of parameters where each parameter is set to the payload
179 queries = [
180 query.split("=")[0] + "=" + FULL_PAYLOAD.decode("utf-8")
181 for query in query_string.split("&")
182 ]
183 new_query_string = "&".join(queries)
184 new_URL = parsed_URL._replace(query=new_query_string).geturl()
185 body = requests.get(new_URL, cookies=cookies).text.lower()
186 xss_info = get_XSS_data(body, new_URL, "Query")
187 sqli_info = get_SQLi_data(body, original_body, new_URL, "Query")
188 return xss_info, sqli_info
189
190
191def log_XSS_data(xss_info: XSSData | None) -> None:

Callers 1

responseFunction · 0.85

Calls 6

get_XSS_dataFunction · 0.85
get_SQLi_dataFunction · 0.85
splitMethod · 0.45
decodeMethod · 0.45
joinMethod · 0.45
getMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…