xss检测小插件

只写了URL参数检测和form表单检测

伪静态,ajax,ip,user-agent,数据包头这些是后续要加的

很菜,可还是我的一次分水岭
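(function () {
  "use strict";

  // Everything below depends on a browser `window`/`location` and on jQuery's
  // `$.ajax`; bail out cleanly instead of dying with a ReferenceError half-way.
  if (typeof window === "undefined" || typeof $ === "undefined") {
    return;
  }

  // Marker appended to every probed value. It deliberately contains `"` and
  // `()`: a reflection that the server HTML-escapes (&quot;) or backslash-
  // escapes no longer contains the marker verbatim and is therefore not
  // reported, which is what keeps the false-positive rate at (near) zero.
  // The author notes it could be widened to  onclick\'\\/()<>"  at the cost
  // of more noise.
  var onlyString = 'hagen()"';

  // Hosts that are never probed. Matching is done on the host suffix so that
  // sub-domains (www.baidu.com) are covered as well; the previous substring
  // check `"baidu.com".indexOf(host)` only matched the bare apex domain.
  var urlWhiteList = ["baidu.com", "360.cn", "google.com"];

  // True when `host` is one of the whitelisted domains or a sub-domain of one.
  function isWhitelisted(host) {
    for (var i = 0; i < urlWhiteList.length; i++) {
      var domain = urlWhiteList[i];
      if (host === domain || host.slice(-(domain.length + 1)) === "." + domain) {
        return true;
      }
    }
    return false;
  }

  // Escape a literal string for use inside `new RegExp`.
  function escapeRegExp(text) {
    return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  }

  // Reflected-XSS probe for URL query parameters.
  // Each parameter of the current page is re-requested with the marker appended
  // to its value (one parameter per request) and the raw response body is
  // searched for the marker. Only the server response text is inspected, so
  // DOM-based sinks and anything rendered by client-side script are not covered.
  // Reports the affected parameter names via alert(); returns false when nothing
  // was found.
  function parameterXss() {
    var base = location.protocol + "//" + location.host + location.pathname + "?";
    var parameter = location.search.substring(1).split("&");
    var xss = "";

    // Probe one parameter and return its name when the marker came back unescaped,
    // otherwise null. The query array is restored afterwards so that every probe
    // touches exactly one parameter.
    function probeParameter(index) {
      var original = parameter[index];
      var eq = original.indexOf("=");
      // A bare `?flag` parameter used to end up as name "flaghagen()\"" with an
      // undefined value, and `data.indexOf(undefined)` then matched the literal
      // text "undefined" in the response. Treat it as name with empty value.
      var name = eq === -1 ? original : original.substring(0, eq);
      var value = (eq === -1 ? "" : original.substring(eq + 1)) + onlyString;
      parameter[index] = name + "=" + value;

      var hit = false;
      $.ajax({
        url: base + parameter.join("&"),
        type: "get",
        dataType: "text",
        // Synchronous XHR is deprecated on the main thread; it is kept here so
        // that results are collected in order without callback bookkeeping.
        async: false,
        success: function (data) {
          // Only this parameter carries the marker, so searching for the marker
          // alone is sufficient and avoids mismatches between the percent-encoded
          // value in the URL and the decoded value the server reflects.
          hit = data.indexOf(onlyString) !== -1;
        },
      });
      parameter[index] = original;
      return hit ? name : null;
    }

    for (var i = 0; i < parameter.length; i++) {
      if (parameter[i] === "") {
        continue; // "a=1&&b=2" yields empty segments; nothing to probe
      }
      var hitName = probeParameter(i);
      if (hitName !== null) {
        xss += hitName + " | ";
      }
    }

    if (xss === "") {
      return false;
    }
    alert("参数型xss漏洞:" + xss.substring(0, xss.length - 2));
  }

  // Reflected-XSS probe for forms.
  // Every form that has no CAPTCHA-like image, has a submit control and at least
  // one named text/password/radio/checkbox input is submitted through its own
  // action/method with a numbered marker per input; the response body is then
  // searched for each marker. Hit inputs are outlined in red and their value is
  // replaced, i.e. the page DOM is modified. Because the form really is
  // submitted, any server-side effect of that form (a login attempt, a created
  // record, ...) happens as well. Returns false when no form qualifies.
  function formXss() {
    var imageSuffixes = [".png", ".jpg", ".jpeg", ".gif"];

    // A form whose <img> src has a non-image extension (captcha.php, ...) is
    // treated as a CAPTCHA form and skipped: the probe could never pass it.
    function hasNoCaptcha(index, form) {
      var images = $(form).find("img");
      for (var i = 0; i < images.length; i++) {
        var imgSrc = $(images[i]).attr("src"); // was an implicit global before
        if (!imgSrc) {
          continue;
        }
        var query = imgSrc.indexOf("?");
        if (query !== -1) {
          imgSrc = imgSrc.slice(0, query);
        }
        // Compared case-insensitively so "LOGO.PNG" is not mistaken for a CAPTCHA.
        var suffix = imgSrc.substr(imgSrc.lastIndexOf(".")).toLowerCase();
        if (imageSuffixes.indexOf(suffix) === -1) {
          return false;
        }
      }
      return true;
    }

    // Needs a submit control and at least one probe-able input.
    function hasUsableInputs(index, form) {
      var $form = $(form);
      if ($form.find(":submit").length === 0) {
        return false;
      }
      return $form.find(":text, :password, :radio, :checkbox").length > 0;
    }

    // At least one non-submit input must have a name, otherwise nothing is sent.
    function hasNamedInput(index, form) {
      var inputs = $(form).find("input:not(:submit)");
      for (var i = 0; i < inputs.length; i++) {
        if ($(inputs[i]).attr("name")) {
          return true;
        }
      }
      return false;
    }

    // True when the marker for input `j` is in `data`, with the digit run
    // terminated so that input 1 is not reported because input 12 reflected.
    function markerReflected(data, j) {
      var pattern = new RegExp(escapeRegExp(onlyString) + j + "(?!\\d)");
      return pattern.test(data);
    }

    // Submit one form with marker values and report/outline the reflected inputs.
    function probeForm(form) {
      var $form = $(form);
      var actionUrl = $form.attr("action");
      var methodType = $form.attr("method");
      if (actionUrl === undefined || actionUrl === "#" || actionUrl === "") {
        actionUrl = location.href;
      }
      if (methodType === undefined || methodType === "" || methodType === "#") {
        methodType = "get";
      }

      var inputs = $form.find("input:not(:submit)");
      var pairs = [];
      for (var j = 0; j < inputs.length; j++) {
        var name = $(inputs[j]).attr("name");
        if (name) {
          // One numbered marker per input so a hit can be mapped back to it.
          // Percent-encoded so `&`/`=`/`"` in names or the marker cannot break
          // the body apart; the server sees the same decoded values as before.
          pairs.push(encodeURIComponent(name) + "=" + encodeURIComponent(onlyString + j));
        }
      }

      var xss = "";
      $.ajax({
        url: actionUrl,
        type: methodType,
        dataType: "text",
        data: pairs.join("&"),
        async: false, // see parameterXss: deprecated, kept for in-order results
        success: function (data) {
          for (var k = 0; k < inputs.length; k++) {
            if (!$(inputs[k]).attr("name")) {
              continue; // nothing was sent for unnamed inputs
            }
            if (markerReflected(data, k)) {
              $(inputs[k]).css("border", "3px solid red").val("此输入框存在XSS!");
              xss += (k + 1) + " | ";
            }
          }
        },
      });

      if (xss !== "") {
        xss = xss.substring(0, xss.length - 2);
        alert("存在form表单xss:\n" + "表单action为" + actionUrl + "\n第" + xss + "个input");
      }
    }

    var forms = $("form").filter(hasNoCaptcha).filter(hasUsableInputs).filter(hasNamedInput);
    if (forms.length <= 0) {
      return false;
    }
    for (var i = 0; i < forms.length; i++) {
      probeForm(forms[i]);
    }
  }

  if (isWhitelisted(window.location.host)) {
    return false;
  }

  if (location.search !== "") {
    parameterXss();
  }

  // Pseudo-static (path based) probing is planned but not implemented yet; the
  // original had a commented-out call to a pseudoStaticXss() that does not exist.

  if ($("form").length > 0) {
    formXss();
  }
})();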