Comments (6)
hahwul
commented on September 14, 2024
2
@ChillVibesMushroom
I think that would be suitable for --custom-payload flag.
from dalfox.
hahwul
commented on September 14, 2024
1
To achieve your desired action, there are three specific flags that you can try.
--custom-alert-typeand--custom-alert-value--custom-payload
If you want to test with a custom payload, you can use the --custom-payload flag. The other flags are related to functions, such as alert. Currently, there is no direct way to modify the function, but you can achieve a similar effect with a simple trick (with --custom-alert-value).
dalfox url https://xss-game.appspot.com/level1/frame \
--custom-alert-value "1);your_payload;console.log("
# [POC][R][GET][inHTML-none(1)-URL] https://xss-game.appspot.com/level1/frame?query=%3CsVg%2Fonload%3Dprompt%281%29%3Byour_payload%3Bconsole.log%28%29%3E
# https://xss-game.appspot.com/level1/frame?query=%3CsVg%2Fonload%3Dprompt%281%29%3Byour_payload%3Bconsole.log%28%29%3E
If you're interested, I can write some code and create a new flag that modifies the function.
(e.g --custom-func)
from dalfox.
ChillVibesMushroom
commented on September 14, 2024
1
<script>alert("test");</script>@ChillVibesMushroom
The use of flag is correct. However, I think it may differ from the desired behavior depending on what the file means and the purpose.Could you show me an example of the .js file? I don't understand exactly what kind of action you want. 😭
from dalfox.
ChillVibesMushroom
commented on September 14, 2024
dalfox url https://xss-game.appspot.com/level1/frame \ --custom-payload /home/scripts/JavaScript.js
Would that input be right ?
from dalfox.
hahwul
commented on September 14, 2024
@ChillVibesMushroom
The use of flag is correct. However, I think it may differ from the desired behavior depending on what the file means and the purpose.
Could you show me an example of the .js file? I don't understand exactly what kind of action you want. 😭
from dalfox.
ChillVibesMushroom
commented on September 14, 2024
Ill give it a shot right now Im looking into different frameworks I just remembered I actually do have to install Dalfox you know what I realized though that the tool is pretty powerful it doesn't automatically go incognito mode it just gets straight too it and alongside
other tools like hakrawler its powerful.
I was going to ask you but I never got the chance what tools would you use alongside dalfox when scanning a website for vulnerabilities.
from dalfox.
Related Issues (20)
- Inconsistent output HOT 1
- --output-request is not working when raw request is provided as input
- Blind XSS not working
- Xss.ht file HOT 2
- [G] Found dalfox-google-api via built-in grepping HOT 1
- Dalfox Installation Issue
- Multi threading functionality
- Docker: Version of GLIBC dependencies is not met
- config parameter not working HOT 1
- Feature Request: Custom Injection Point Support in DalFox
- Bug with scan website HOT 1
- Using TOP SOCKS
- "Dalfox" is not a command HOT 3
- POC issue HOT 2
- Support to Caido's active workflows
- Add logging time for detecting blind xss
- reflected payload in html HOT 1
- The output file is not created if the poc is only reflected
- could not retrieve document root HOT 1
- Can't Install Via Go, Snapcraft, or Docker
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dalfox.