hub / github.com/mitmproxy/mitmproxy / test_referer_injection

Function test_referer_injection

examples/contrib/xss_scanner.py:147–157

Test the given URL for XSS via injection into the referer and log the XSS if found

(
    original_body: str, request_URL: str, cookies: Cookies
)

Source from the content-addressed store, hash-verified

import requests

# FULL_PAYLOAD, Cookies, VulnData, get_XSS_data and get_SQLi_data are
# defined elsewhere in examples/contrib/xss_scanner.py.


def test_referer_injection(
    original_body: str, request_URL: str, cookies: Cookies
) -> VulnData:
    """Test the given URL for XSS via injection into the referer and
    log the XSS if found"""
    # Re-request the URL with the payload in the Referer header and
    # lowercase the response body before analysis.
    body = requests.get(
        request_URL, headers={"referer": FULL_PAYLOAD}, cookies=cookies
    ).text.lower()
    # Analyse the response for XSS and SQLi findings attributed to "Referer".
    xss_info = get_XSS_data(body, request_URL, "Referer")
    sqli_info = get_SQLi_data(body, original_body, request_URL, "Referer")
    return xss_info, sqli_info

Callers 1

response · Function · 0.85

Calls 3

get_XSS_data · Function · 0.85
get_SQLi_data · Function · 0.85
get · Method · 0.45

Tested by

no test coverage detected
