
Dalfox 2.7 Released 🎉

Hi hackers! Dalfox v2.7 has been released 🎉🎉🎉

There are not many new features in this release, but it is better than before, so I recommend updating! Let's start the review. And have a great holiday 🧑🏼‍🎄

Thank you ❤️

First, thank you so much to all contributors!

Thanks to you all, this project is getting better and better. Thank you always!

Release note

Github | DockerHub

  • Add BAV Module
    • ESI Injection
  • Support to windows/arm64
  • Upgrade go dependency (1.16 to 1.17)
  • Add Severity in PoC Object
  • Improve SXSS Mode
  • Improve Code Quality
  • Improve library interface
  • Fixed bugs
    • Add gzip handling in all func (#315)
    • Fixed zero-line bug (#322)
  • Update dalfox web page and documentation

Detail Review

Upgrade go version

I judged that Go 1.17 had stabilized, so the Go dependency was raised from 1.16 to 1.17. As a result, Dalfox can now also be built as a windows/arm64 binary.

Add BAV Module - ESI Injection

The BAV (Basic Another Vulnerability) module gained a check for ESI (Edge Side Includes) injection. Dalfox injects an esi:assign / esi:vars payload and greps the response for a marker that only an ESI-evaluating edge would produce: if the body contains <esii-dalfox>, the assigned variable was expanded server-side, and the finding is reported as a built-in grep PoC:

[G] Found dalfox-esii via built-in grepping / payload: toGrepping
    <esii-dalfox>
[POC][G][GET][BUILTIN] https://******************.hahwul.com/esii\?q\=%3Cesi:assign%20name\=%22var1%22%20value\=%22dalfox%22/%3E%3Cesii-%3Cesi:vars%20name\=%22$\(var1\)%22%3E
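A worked illustration of that grep-based check, added here as example code of my own rather than Dalfox's implementation. The payload is a hypothetical one in the same spirit as the one Dalfox sent above (it uses a self-closing esi:vars so the toy engine can expand it), the ESI evaluator is a deliberately minimal stand-in that understands only esi:assign and esi:vars, and both "servers" are constructed in-process so the block runs offline. The point it shows: a backend that merely reflects the raw payload never contains the evaluated marker, so the grep does not fire on plain reflection.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Marker that can only exist after an ESI engine has expanded $(var1).
const esiMarker = "<esii-dalfox>"

// BuildESIPayload returns an ESI probe in the spirit of Dalfox's built-in one:
// assign a variable, then expand it inside a custom tag so that the evaluated
// output becomes esiMarker. (Hypothetical payload constructed for this example.)
func BuildESIPayload() string {
	return `<esi:assign name="var1" value="dalfox"/><esii-<esi:vars name="$(var1)"/>>`
}

// DetectESI reports whether a response body contains the evaluated marker.
// A body that only reflects the raw payload still contains "<esi:vars", not the marker.
func DetectESI(body string) bool {
	return strings.Contains(body, esiMarker)
}

// Toy ESI evaluator, constructed for this example only. It implements just
// <esi:assign name=".." value=".."/> and <esi:vars name="$(..)"/>; a real edge
// (Akamai, Varnish with ESI, etc.) handles far more than this.
var (
	assignRe = regexp.MustCompile(`<esi:assign name="([^"]+)" value="([^"]*)"/>`)
	varsRe   = regexp.MustCompile(`<esi:vars name="\$\(([^)]+)\)"/>`)
)

func SimulateESIEdge(body string) string {
	vars := map[string]string{}
	body = assignRe.ReplaceAllStringFunc(body, func(m string) string {
		sm := assignRe.FindStringSubmatch(m)
		vars[sm[1]] = sm[2]
		return "" // esi:assign produces no output
	})
	return varsRe.ReplaceAllStringFunc(body, func(m string) string {
		sm := varsRe.FindStringSubmatch(m)
		return vars[sm[1]] // unknown variables expand to the empty string
	})
}

// SimulateReflectingApp models a backend that echoes the parameter untouched,
// i.e. a page that reflects input but has no ESI layer in front of it.
func SimulateReflectingApp(q string) string {
	return "<html><body>You searched for: " + q + "</body></html>"
}

func main() {
	p := BuildESIPayload()
	for name, body := range map[string]string{
		"esi-evaluating edge": SimulateESIEdge(SimulateReflectingApp(p)),
		"plain reflection":    SimulateReflectingApp(p),
	} {
		fmt.Printf("%-20s vulnerable=%v\n", name, DetectESI(body))
	}
}
```

Running it prints vulnerable=true only for the ESI-evaluating case; the plain reflection keeps the literal `<esi:vars` tag and never yields `<esii-dalfox>`, which is why a marker that depends on evaluation is a much stronger signal than checking whether the payload was echoed.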

Add Severity in PoC Object

A severity attribute has been added to the PoC object. It takes the values Low, Medium, or High, and applies both to XSS findings and to the other vulnerabilities detected by BAV.

{
    "type": "Type of PoC (G/R/V)",
    "inject_type": "Injected Point",
    "poc_type": "plain/curl/httpie/etc...",
    "method": "HTTP Method",
    "data": "PoC URL",
    "param": "Parameter",
    "payload": "Attack Value",
    "evidence": "Evidence with response body",
    "cwe": "CWE ID",
    "severity": "Severity (Low/Medium/High)"
}

e.g.

{
    "type": "V",
    "inject_type": "inHTML-URL",
    "poc_type": "plain",
    "method": "GET",
    "data": "http://testphp.vulnweb.com/listproducts.php?cat=%27%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E",
    "param": "cat",
    "payload": "'\"><img/src/onerror=.1|alert`` class=dalfox>",
    "evidence": "48 line:  syntax to use near ''\"><img/src/onerror=.1|alert`` class=dalfox>' at line 1",
    "cwe": "CWE-79",
    "severity": "High"
}
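As an added example of consuming that object (my own code, not Dalfox's): the Go block below parses PoC objects from JSON, either as an array or as one object per line (assumed shapes for the example, not a statement about every Dalfox output mode), ranks them by the new severity field, and keeps those at or above a chosen threshold so a pipeline can, for instance, fail only on High. The input is constructed: the PoC from this post plus a made-up Medium reflected finding.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"sort"
)

// PoC mirrors the fields of Dalfox's PoC object described above.
type PoC struct {
	Type       string `json:"type"` // G (grep) / R (reflected) / V (verified)
	InjectType string `json:"inject_type"`
	PoCType    string `json:"poc_type"`
	Method     string `json:"method"`
	Data       string `json:"data"`
	Param      string `json:"param"`
	Payload    string `json:"payload"`
	Evidence   string `json:"evidence"`
	CWE        string `json:"cwe"`
	Severity   string `json:"severity"` // Low / Medium / High
}

// severityRank orders the three values Dalfox emits; anything else ranks 0.
var severityRank = map[string]int{"Low": 1, "Medium": 2, "High": 3}

// ParsePoCs accepts a JSON array of PoC objects, or a stream of objects
// separated by newlines (assumed input shapes for this example).
func ParsePoCs(data []byte) ([]PoC, error) {
	var pocs []PoC
	if err := json.Unmarshal(data, &pocs); err == nil {
		return pocs, nil
	}
	dec := json.NewDecoder(bytes.NewReader(data))
	for dec.More() {
		var p PoC
		if err := dec.Decode(&p); err != nil {
			return nil, fmt.Errorf("decoding PoC stream: %w", err)
		}
		pocs = append(pocs, p)
	}
	return pocs, nil
}

// Triage returns the PoCs at or above minSeverity (highest first) plus a
// count per severity, so a CI gate can decide what to fail on.
func Triage(pocs []PoC, minSeverity string) ([]PoC, map[string]int) {
	counts := map[string]int{}
	var kept []PoC
	for _, p := range pocs {
		counts[p.Severity]++
		r := severityRank[p.Severity]
		if r > 0 && r >= severityRank[minSeverity] {
			kept = append(kept, p)
		}
	}
	sort.SliceStable(kept, func(i, j int) bool {
		return severityRank[kept[i].Severity] > severityRank[kept[j].Severity]
	})
	return kept, counts
}

// Constructed sample input: the PoC from this post plus a made-up Medium
// reflected finding, one object per line.
var sampleOutput = []byte(`{"type":"V","inject_type":"inHTML-URL","poc_type":"plain","method":"GET","data":"http://testphp.vulnweb.com/listproducts.php?cat=%27%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E","param":"cat","payload":"'\"><img/src/onerror=.1|alert` + "``" + ` class=dalfox>","evidence":"48 line:  syntax to use near ''\"><img/src/onerror=.1|alert` + "``" + ` class=dalfox>' at line 1","cwe":"CWE-79","severity":"High"}
{"type":"R","inject_type":"inHTML","poc_type":"plain","method":"GET","data":"http://example.test/search?q=%3Cdalfox%3E","param":"q","payload":"<dalfox>","evidence":"12 line: <dalfox>","cwe":"CWE-79","severity":"Medium"}
`)

func main() {
	pocs, err := ParsePoCs(sampleOutput)
	if err != nil {
		panic(err)
	}
	kept, counts := Triage(pocs, "High")
	fmt.Println("counts:", counts)
	for _, p := range kept {
		fmt.Printf("[%s][%s] %s param=%s %s\n", p.Severity, p.Type, p.CWE, p.Param, p.Data)
	}
}
```

With the threshold set to High only the verified (type V) finding on the cat parameter survives; lowering it to Medium also keeps the reflected one, which is the knob a team would turn depending on how much manual verification it can absorb.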

Support to windows/arm64

Dalfox now also ships a windows/arm64 binary with each release.

Improve SXSS Mode

SXSS mode checks two pages for every payload, the target URL and the trigger URL. Scanning at high speed with many workers could prevent stored payloads from being identified correctly, so a default value and a limit were added as below.

Option               Matched flag     Default value   Limit
options.Concurrence  -w or --worker   1               1
options.Delay        --delay          1500 (1.5 s)    >= 1500

Improve Code Quality

Dalfox is developed with code quality and test coverage in mind. Coverage did not increase this release, but the same quality bar was kept for the new functions 😅

Update library interface

When using Dalfox as a library, SXSS mode can now be fully used through options.Sequence via the dalfox interface, and users can control UseHeadless, UseDeepDXSS, and WAFEvasion.

package main

import (
	"fmt"

	dalfox "github.com/hahwul/dalfox/v2/lib"
)

func main() {
	opt := dalfox.Options{
		Cookie:      "ABCD=1234",
		PoCType:     "http-request",
		Sequence:    10,    // SXSS mode sequence number
		UseHeadless: true,  // verify findings with a headless browser
		UseDeepDXSS: true,  // deep DOM XSS analysis
		WAFEvasion:  false, // do not slow the scan down when a WAF is detected
	}
	result, err := dalfox.NewScan(dalfox.Target{
		URL:     "https://xss-game.appspot.com/level1/frame",
		Method:  "GET",
		Options: opt,
	})
	if err != nil {
		fmt.Println(err)
	} else {
		fmt.Println(result)
	}
}

Fixed bugs

  • Add gzip handling in all func (#315)
  • Fixed zero-line bug (#322)

Thank you
