Merge pull request #43 from 0xInfection/dev

0xInfection · web-flow · commit 03b9a9b9f57c · 2020-01-29T20:38:59.000+05:30
Ready for a new release
diff --git a/xsrfprobe/core/main.py b/xsrfprobe/core/main.py
@@ -103,12 +103,12 @@ def Engine():  # lets begin it!
         # Implementing the first mode. [NO CRAWL]
         if not CRAWL_SITE:
             url = web
-            response = Get(url).text
             try:
-                verbout(O,'Trying to parse response...')
+                response = Get(url).text
+                verbout(O, 'Trying to parse response...')
                 soup = BeautifulSoup(response)  # Parser init
-            except HTMLParser.HTMLParseError:
-                verbout(R,'BeautifulSoup Error: '+url)
+            except AttributeError:
+                verbout(R, 'No response received, site probably down: '+url)
             i = 0 # Init user number
             if REFERER_ORIGIN_CHECKS:
                 # Referer Based Checks if True...
@@ -302,7 +302,8 @@ def Engine():  # lets begin it!
         GetLogger()  # The scanning has interrupted, so now we can log out all the links ;)
         sys.exit(1)
     except Exception as e:
-        print('\n'+R+'Encountered an error. \n'+R+'Please view the error log files to view what went wrong.')
+        print('\n'+R+'Encountered an error. \n')
+        print(R+'Please view the error log files to view what went wrong.')
         verbout(R, e.__str__())
         ErrorLogger(url, e)
         GetLogger()
diff --git a/xsrfprobe/files/paramlist.py b/xsrfprobe/files/paramlist.py
@@ -46,7 +46,6 @@
                     'auth',
                     'hash',
                     'secret',
-                    'timestamp',
                     'verify',
                 )
 
@@ -84,6 +83,7 @@
                     'not valid',
                     'please check your request',
                     'your browser did something unexpected',
+                    'csrf'
                     'clearing your cookies',
                     'tampered token',
                     'null',
diff --git a/xsrfprobe/modules/Checkpost.py b/xsrfprobe/modules/Checkpost.py
@@ -78,7 +78,7 @@ def PostBased(url, r1, r2, r3, m_action, result, genpoc, form, m_name=''):
             # If --malicious has been supplied
             if GEN_MALICIOUS:
                 # Generates a malicious CSRF form
-                GenMalicious(m_action, genpoc.__str__())
+                GenMalicious(url, genpoc.__str__())
             else:
                 # Generates a normal PoC
-                GenNormalPoC(m_action, genpoc.__str__())
+                GenNormalPoC(url, genpoc.__str__())
diff --git a/xsrfprobe/modules/Generator.py b/xsrfprobe/modules/Generator.py
@@ -47,7 +47,7 @@ def GenNormalPoC(action, fields, method='POST', encoding_type='application/x-www
             # Brand tag :p ...I guess...
             with tag('small'):
                 text('(o) This form was generated by ')
-                with tag('a', href='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/0xinfection/xsrfprobe'):
+                with tag('a', href='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/0xInfection/xsrfprobe'):
                     text('XSRFProbe')
                 text('.')
     content = BeautifulSoup(doc.getvalue(), 'html.parser')
