Dalfox 2.9 Release 🌸
Hi hackers! Dalfox v2.9 has been released 🚀
This release adds flags to record Dalfox traffic as a HAR file and to include the raw HTTP request and response in the detection results, where they can be inspected in the CLI output or the JSON report. There are not many new features this time, but it is still an improvement over the previous version, so I recommend updating to the latest release. :D
Thank you ❤️
I thank all contributors for their help. In particular, I would like to express my special thanks to @aidansteele, who sent me great code, and @kmcquade, who gave me a great idea.
Release
Please refer to the document below for updates.
https://dalfox.hahwul.com/docs/update/
Traffic in HAR
With the --har-file-path flag, you can save Dalfox's traffic in HAR format. You can inspect the saved HAR file directly or load it into your browser to see how the test was performed.
dalfox url https://xss-game.appspot.com/level1/frame --har-file-path=log.har
wc -l log.har
567 log.har
[Screenshot: the HAR file viewed in the CLI]
[Screenshot: the HAR file loaded in the browser]
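A HAR file is plain JSON in the standard HAR 1.2 layout, so a scan log can be reviewed without a browser. The script below is an added example, not part of the Dalfox release or its documentation: it reads a HAR file (a constructed three-entry sample using the placeholder host scan-target.invalid is embedded so it runs offline) and reports which hosts and parameters were exercised, the response status distribution and any requests the server rejected, which is what you want when checking what a scan actually touched or confirming that a WAF blocked the probes.

```python
import json
import sys
from collections import Counter
from urllib.parse import urlsplit, parse_qsl


def _entry(url: str, status: int, elapsed_ms: int) -> dict:
    """Build one HAR 1.2 entry for the constructed sample below (test data helper)."""
    parts = urlsplit(url)
    return {
        "startedDateTime": "2023-03-28T02:07:15.600Z",
        "time": elapsed_ms,
        "request": {
            "method": "GET", "url": url, "httpVersion": "HTTP/1.1",
            "headers": [{"name": "Host", "value": parts.hostname}],
            "queryString": [{"name": n, "value": v} for n, v in parse_qsl(parts.query)],
            "cookies": [], "headersSize": -1, "bodySize": 0,
        },
        "response": {
            "status": status, "statusText": "", "httpVersion": "HTTP/1.1",
            "headers": [], "cookies": [], "redirectURL": "",
            "content": {"size": 0, "mimeType": "text/html"},
            "headersSize": -1, "bodySize": 0,
        },
        "cache": {}, "timings": {"send": 1, "wait": elapsed_ms - 2, "receive": 1},
    }


# Constructed sample standing in for log.har: host, probe values and timings are
# made up, not traffic captured by Dalfox. The third request is rejected (403).
SAMPLE_HAR = json.dumps({"log": {
    "version": "1.2",
    "creator": {"name": "sample-har-writer", "version": "0.1"},
    "entries": [
        _entry("https://scan-target.invalid/level1/frame?query=DalFox", 200, 120),
        _entry("https://scan-target.invalid/level1/frame?query=dalfox-probe-1", 200, 95),
        _entry("https://scan-target.invalid/level1/frame?query=dalfox-probe-2", 403, 40),
    ],
}})


def load_har_entries(har_text: str) -> list:
    """Parse a HAR document and return log.entries, rejecting non-HAR JSON early."""
    doc = json.loads(har_text)
    log = doc.get("log") if isinstance(doc, dict) else None
    if not isinstance(log, dict) or not isinstance(log.get("entries"), list):
        raise ValueError("not a HAR document: missing log.entries")
    return log["entries"]


def summarize_har(har_text: str) -> dict:
    """Aggregate what a scan did: hosts contacted, parameters exercised, status
    distribution, wall time spent waiting on the server, and rejected requests."""
    status, hosts, params = Counter(), Counter(), Counter()
    rejected, total_time = [], 0
    for entry in load_har_entries(har_text):
        req, resp = entry["request"], entry["response"]
        code = int(resp["status"])
        status[code] += 1
        hosts[urlsplit(req["url"]).hostname] += 1
        total_time += int(entry.get("time", 0))
        # HAR writers store the parsed query string; fall back to the URL if absent.
        pairs = req.get("queryString") or [
            {"name": n, "value": v} for n, v in parse_qsl(urlsplit(req["url"]).query)]
        for item in pairs:
            params[item["name"]] += 1
        if code >= 400:  # blocked, rate-limited or errored probes are worth a look
            rejected.append({"method": req["method"], "url": req["url"], "status": code})
    return {
        "total": sum(status.values()),
        "status": dict(status),
        "hosts": dict(hosts),
        "params": dict(params),
        "rejected": rejected,
        "total_time_ms": total_time,
    }


if __name__ == "__main__":
    # Usage: python har_summary.py log.har   (falls back to the embedded sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_HAR
    print(json.dumps(summarize_har(text), indent=2))
```

Run it against the log.har written by the command above to get a one-screen summary of the scan; a non-empty "rejected" list is the quickest sign that the target's WAF or rate limiting interfered with the test.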
Raw HTTP
You can now use the --output-request and --output-response flags to add the HTTP request and response to Dalfox's detection results. In the default output they appear in gray, like the output of the code area, and in the JSON output they are recorded under the keys 'raw_request' and 'raw_response'.
Plain
dalfox url https://xss-game.appspot.com/level1/frame \
--output-request \
--output-response
JSON
dalfox url https://xss-game.appspot.com/level1/frame \
--report \
--report-format json \
--silence \
--output-request
{
"logs": null,
"pocs": [
{
"type": "V",
"inject_type": "inHTML-none(1)-URL",
"poc_type": "plain",
"method": "GET",
"data": "https://xss-game.appspot.com/level1/frame?query=%3Caudio+controls+ondurationchange%3Dalert%281%29+id%3Ddalfox%3E%3Csource+src%3D1.mp3+type%3Daudio%2Fmpeg%3E%3C%2Faudio%3E",
"param": "query",
"payload": "\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource src=1.mp3 type=audio/mpeg\u003e\u003c/audio\u003e",
"evidence": "13 line: s were found for \u003cb\u003e\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource ",
"cwe": "CWE-79",
"severity": "High",
"message_id": 223,
"message_str": "Triggered XSS Payload (found DOM Object): query=\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource src=1.mp3 type=audio/mpeg\u003e\u003c/audio\u003e",
"raw_request": "GET /level1/frame?query=%3Caudio+controls+ondurationchange%3Dalert%281%29+id%3Ddalfox%3E%3Csource+src%3D1.mp3+type%3Daudio%2Fmpeg%3E%3C%2Faudio%3E HTTP/1.1\r\nHost: xss-game.appspot.com\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nAccept-Encoding: gzip\r\n\r\n"
}
],
"params": [
{
"Name": "query",
"Type": "URL",
"Reflected": true,
"ReflectedPoint": "/inHTML-none(1)",
"ReflectedCode": "13 line: Sorry, no results were found for \u003cb\u003eDalFox\u003c/b\u003e. \u003ca href='?'\u003eTry again",
"Chars": [
"\\",
")",
"|",
"\"",
"'",
"-",
"`",
"\u003e",
"$",
"+",
"]",
"=",
";",
":",
"[",
"}",
"{",
",",
"(",
".",
"\u003c"
]
}
],
"duration": 4841809667,
"start_time": "2023-03-28T11:07:15.574531+09:00",
"end_time": "2023-03-28T11:07:20.416285+09:00"
}
Message ID/Str
Each result now also includes the sequence number of the message used for the request and the PoC message text, recorded as 'message_id' and 'message_str' respectively.
{
"pocs": [
{
"message_id": 223,
"message_str": "Triggered XSS Payload (found DOM Object): query=\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource src=1.mp3 type=audio/mpeg\u003e\u003c/audio\u003e"
}
]
}
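With raw_request in the report, a reviewer can check a finding against the exact request that was sent rather than trusting the summary line, and message_id gives a stable key for grouping results. The script below is an added example for the Raw HTTP and Message ID/Str sections, not code from Dalfox: it loads a report in the format shown above (a trimmed copy of that report, with the params block dropped, is embedded as sample input), splits each raw_request into request line, headers and body, verifies that the recorded query parameter really carries the payload the PoC reports, and counts findings per message_id. Using message_id as a deduplication key across reports is my own reading of the field, not something the release notes state.

```python
import json
import sys
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Trimmed copy of the JSON report shown above: one PoC, params block omitted.
# Kept as a raw string so the JSON escapes (\r\n, \u003c) survive into json.loads.
SAMPLE_REPORT = r"""{
  "logs": null,
  "pocs": [
    {
      "type": "V",
      "inject_type": "inHTML-none(1)-URL",
      "poc_type": "plain",
      "method": "GET",
      "data": "https://xss-game.appspot.com/level1/frame?query=%3Caudio+controls+ondurationchange%3Dalert%281%29+id%3Ddalfox%3E%3Csource+src%3D1.mp3+type%3Daudio%2Fmpeg%3E%3C%2Faudio%3E",
      "param": "query",
      "payload": "\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource src=1.mp3 type=audio/mpeg\u003e\u003c/audio\u003e",
      "cwe": "CWE-79",
      "severity": "High",
      "message_id": 223,
      "message_str": "Triggered XSS Payload (found DOM Object): query=\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource src=1.mp3 type=audio/mpeg\u003e\u003c/audio\u003e",
      "raw_request": "GET /level1/frame?query=%3Caudio+controls+ondurationchange%3Dalert%281%29+id%3Ddalfox%3E%3Csource+src%3D1.mp3+type%3Daudio%2Fmpeg%3E%3C%2Faudio%3E HTTP/1.1\r\nHost: xss-game.appspot.com\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nAccept-Encoding: gzip\r\n\r\n"
    }
  ],
  "duration": 4841809667,
  "start_time": "2023-03-28T11:07:15.574531+09:00",
  "end_time": "2023-03-28T11:07:20.416285+09:00"
}"""


def parse_raw_request(raw: str) -> dict:
    """Split a recorded HTTP/1.1 request into request line, headers and body.
    Header names are lower-cased so lookups do not depend on the sender's casing."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    return {
        "method": method, "version": version, "path": url.path,
        "query": dict(parse_qsl(url.query, keep_blank_values=True)),
        "headers": headers, "body": body,
    }


def triage_report(report_text: str) -> list:
    """Flatten each PoC into the fields a reviewer needs and cross-check that the
    parameter value in the recorded request is the payload the PoC reports."""
    report = json.loads(report_text)
    findings = []
    for poc in report.get("pocs") or []:
        raw = poc.get("raw_request")  # absent unless --output-request was given
        request = parse_raw_request(raw) if raw else None
        matches = None
        if request is not None:
            matches = request["query"].get(poc.get("param")) == poc.get("payload")
        findings.append({
            "severity": poc.get("severity"), "cwe": poc.get("cwe"),
            "param": poc.get("param"), "inject_type": poc.get("inject_type"),
            "message_id": poc.get("message_id"), "message_str": poc.get("message_str"),
            "host": request["headers"].get("host") if request else None,
            "request": request, "payload_in_request": matches,
        })
    return findings


def count_by_message_id(findings: list) -> dict:
    """Count findings per message_id; the same id recurring across targets or
    report files usually means the same check fired, which helps deduplication."""
    return dict(Counter(f["message_id"] for f in findings))


if __name__ == "__main__":
    # Usage: python triage.py report.json   (falls back to the embedded sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    found = triage_report(text)
    for f in found:
        print(f"[{f['severity']}] {f['cwe']} param={f['param']} host={f['host']} "
              f"message_id={f['message_id']} payload_in_request={f['payload_in_request']}")
    print("by message_id:", count_by_message_id(found))
```

For the sample report the check passes: the URL-decoded query parameter in raw_request is exactly the payload string, so the finding can be reproduced from the recorded request alone. A False here would point at an encoding mismatch between what was sent and what was reported, which is worth knowing before the result goes into a ticket.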
Apple Silicon Docker
Docker images for arm64 (Apple Silicon) are now provided.
More
This release also includes various bug fixes and dependency updates, as well as improvements to the attack code. :D