Dalfox 2.9 Release 🌸

Hi hackers! Dalfox v2.9 has been released 🚀

In this release of Dalfox, flags have been added to record Dalfox traffic as a HAR file and to include the raw HTTP request/response in the CLI output and the JSON report. Although there are not many added features in this release, it is still better than before. Therefore, I recommend updating to the latest version. :D

Thank you ❤️

I thank all contributors for their help. In particular, I would like to express my special thanks to @aidansteele, who sent me great code, and @kmcquade, who gave me a great idea.

Thanks to you, this project is getting better and better. Thank you always!

Release

Please refer to the document below for updates.

https://dalfox.hahwul.com/docs/update/

Traffic in HAR

With the --har-file-path flag, you can save traffic in Dalfox in the HAR format. You can view the saved HAR files directly or load them into your browser to see how the testing was performed.

dalfox url https://xss-game.appspot.com/level1/frame --har-file-path=log.har
wc -l log.har
     567 log.har
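A HAR file is plain JSON (HAR 1.2 keeps every request/response pair under log.entries), so a scan's traffic can be summarized without a browser. The script below is an added example, not Dalfox's own code: it parses a small constructed HAR document shaped like a scanner capture (the creator block, timings and entries are sample data, not a real Dalfox file) and reports requests per endpoint, the status code histogram, which query parameters were sent markup characters, and the slowest request.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed HAR 1.2 document in the shape a --har-file-path capture would take
# (two requests to one endpoint). Sample data, not a real Dalfox capture.
SAMPLE_HAR = json.dumps({
    "log": {
        "version": "1.2",
        "creator": {"name": "example-creator", "version": "0"},  # placeholder
        "entries": [
            {
                "startedDateTime": "2023-03-28T11:07:15.574531+09:00",
                "time": 120.5,
                "request": {
                    "method": "GET",
                    "url": "https://xss-game.appspot.com/level1/frame?query=DalFox",
                    "headers": [{"name": "User-Agent", "value": "Mozilla/5.0"}],
                    "queryString": [{"name": "query", "value": "DalFox"}],
                },
                "response": {
                    "status": 200, "statusText": "OK",
                    "headers": [{"name": "Content-Type", "value": "text/html"}],
                    "content": {"size": 1400, "mimeType": "text/html"},
                },
            },
            {
                "startedDateTime": "2023-03-28T11:07:16.101000+09:00",
                "time": 310.0,
                "request": {
                    "method": "GET",
                    "url": "https://xss-game.appspot.com/level1/frame?query=%3Cb%3Ex%3C%2Fb%3E",
                    "headers": [{"name": "User-Agent", "value": "Mozilla/5.0"}],
                    "queryString": [{"name": "query", "value": "<b>x</b>"}],
                },
                "response": {
                    "status": 200, "statusText": "OK",
                    "headers": [{"name": "Content-Type", "value": "text/html"}],
                    "content": {"size": 1432, "mimeType": "text/html"},
                },
            },
        ],
    }
})


def load_har_entries(text):
    """Parse a HAR document and return log.entries; reject versions we do not understand."""
    doc = json.loads(text)
    if doc.get("log", {}).get("version") != "1.2":
        raise ValueError("unexpected HAR version")
    return doc["log"]["entries"]


def summarize_har(entries):
    """Aggregate a scan's traffic: requests per endpoint, status histogram,
    which query parameters were probed with markup characters, slowest request."""
    per_endpoint = Counter()
    per_status = Counter()
    probed_params = set()
    slowest = None
    for entry in entries:
        req, resp = entry["request"], entry["response"]
        parts = urlsplit(req["url"])
        per_endpoint[f"{req['method']} {parts.netloc}{parts.path}"] += 1
        per_status[resp["status"]] += 1
        # A parameter counts as "probed" when the value carried markup-significant characters.
        for qs in req.get("queryString", []):
            if any(ch in qs["value"] for ch in "<>\"'"):
                probed_params.add(qs["name"])
        if slowest is None or entry["time"] > slowest["time"]:
            slowest = entry
    return {
        "total": len(entries),
        "per_endpoint": dict(per_endpoint),
        "per_status": dict(per_status),
        "probed_params": sorted(probed_params),
        "slowest_url": slowest["request"]["url"] if slowest else None,
        "slowest_ms": slowest["time"] if slowest else None,
    }


if __name__ == "__main__":
    # Point this at a real capture by replacing SAMPLE_HAR with open("log.har").read().
    print(json.dumps(summarize_har(load_har_entries(SAMPLE_HAR)), indent=2))
```

The endpoint and status counts are the quickest way to confirm that a scan stayed within scope and that the target did not start rate-limiting (a run of 429 or 503 responses) partway through.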

(Screenshot: the HAR file viewed in the CLI)

(Screenshot: the HAR file loaded in the browser)

Raw HTTP

You can now use the --output-request and --output-response flags to add HTTP requests and responses to the Dalfox detection results. In the default output, they appear gray, similar to the output of the code area, and in the JSON output, values are recorded with the keys ‘raw_request’ and ‘raw_response’.

Plain

dalfox url https://xss-game.appspot.com/level1/frame \
  --output-request \
  --output-response

JSON

dalfox url https://xss-game.appspot.com/level1/frame \
  --report \
  --report-format json \
  --silence \
  --output-request
{
 "logs": null,
 "pocs": [
  {
   "type": "V",
   "inject_type": "inHTML-none(1)-URL",
   "poc_type": "plain",
   "method": "GET",
   "data": "https://xss-game.appspot.com/level1/frame?query=%3Caudio+controls+ondurationchange%3Dalert%281%29+id%3Ddalfox%3E%3Csource+src%3D1.mp3+type%3Daudio%2Fmpeg%3E%3C%2Faudio%3E",
   "param": "query",
   "payload": "\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource src=1.mp3 type=audio/mpeg\u003e\u003c/audio\u003e",
   "evidence": "13 line:  s were found for \u003cb\u003e\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource ",
   "cwe": "CWE-79",
   "severity": "High",
   "message_id": 223,
   "message_str": "Triggered XSS Payload (found DOM Object): query=\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource src=1.mp3 type=audio/mpeg\u003e\u003c/audio\u003e",
   "raw_request": "GET /level1/frame?query=%3Caudio+controls+ondurationchange%3Dalert%281%29+id%3Ddalfox%3E%3Csource+src%3D1.mp3+type%3Daudio%2Fmpeg%3E%3C%2Faudio%3E HTTP/1.1\r\nHost: xss-game.appspot.com\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nAccept-Encoding: gzip\r\n\r\n"
  }
 ],
 "params": [
  {
   "Name": "query",
   "Type": "URL",
   "Reflected": true,
   "ReflectedPoint": "/inHTML-none(1)",
   "ReflectedCode": "13 line:  Sorry, no results were found for \u003cb\u003eDalFox\u003c/b\u003e. \u003ca href='?'\u003eTry again",
   "Chars": [
    "\\",
    ")",
    "|",
    "\"",
    "'",
    "-",
    "`",
    "\u003e",
    "$",
    "+",
    "]",
    "=",
    ";",
    ":",
    "[",
    "}",
    "{",
    ",",
    "(",
    ".",
    "\u003c"
   ]
  }
 ],
 "duration": 4841809667,
 "start_time": "2023-03-28T11:07:15.574531+09:00",
 "end_time": "2023-03-28T11:07:20.416285+09:00"
}

Message ID/Str

Each PoC in the results now carries the numeric identifier of the message that produced it and the message text itself. They are recorded as ‘message_id’ and ‘message_str’, respectively.

{
  "pocs": [
    {
      "message_id": 223,
      "message_str": "Triggered XSS Payload (found DOM Object): query=\u003caudio controls ondurationchange=alert(1) id=dalfox\u003e\u003csource src=1.mp3 type=audio/mpeg\u003e\u003c/audio\u003e"
    }
  ]
}
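Since the JSON report now carries raw_request together with message_id and message_str, a short script can turn a scan into a reviewable finding list: keep only verified PoCs, group them by parameter, and parse the stored raw request so the host and target path are available without re-sending anything. This is an added example, not part of Dalfox; the report below is constructed from the shape of the output above (the second, lower-severity PoC, its message_id 101 and the severity ranking are sample assumptions, not Dalfox values), and the duration is interpreted as nanoseconds, which matches the start_time/end_time gap shown in the report above.

```python
import json
from collections import defaultdict

# Constructed report in the shape of Dalfox's `--report-format json` output, trimmed to
# the fields used below. PoC values are sample data, not a real scan result.
SAMPLE_REPORT = json.dumps({
    "logs": None,
    "pocs": [
        {
            "type": "V", "inject_type": "inHTML-none(1)-URL", "method": "GET",
            "data": "https://xss-game.appspot.com/level1/frame?query=%3Cb%3Edalfox%3C%2Fb%3E",
            "param": "query", "payload": "<b>dalfox</b>", "cwe": "CWE-79",
            "severity": "High", "message_id": 223,
            "message_str": "Triggered XSS Payload (found DOM Object): query=<b>dalfox</b>",
            "raw_request": "GET /level1/frame?query=%3Cb%3Edalfox%3C%2Fb%3E HTTP/1.1\r\n"
                           "Host: xss-game.appspot.com\r\nUser-Agent: Mozilla/5.0\r\n"
                           "Accept-Encoding: gzip\r\n\r\n",
        },
        {   # constructed reflected-only PoC; message_id 101 is a placeholder
            "type": "R", "inject_type": "inHTML-none(1)-URL", "method": "GET",
            "data": "https://xss-game.appspot.com/level1/frame?query=dalfox",
            "param": "query", "payload": "dalfox", "cwe": "CWE-79",
            "severity": "Low", "message_id": 101,
            "message_str": "Reflected Payload in HTML: query=dalfox",
            "raw_request": "GET /level1/frame?query=dalfox HTTP/1.1\r\n"
                           "Host: xss-game.appspot.com\r\n\r\n",
        },
    ],
    "params": [
        {"Name": "query", "Type": "URL", "Reflected": True,
         "ReflectedPoint": "/inHTML-none(1)", "Chars": ["<", ">", "\"", "'"]},
    ],
    "duration": 4841809667,
})

# Severity ranking used for filtering; an assumption, not taken from Dalfox.
SEVERITY_ORDER = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}


def parse_raw_request(raw):
    """Split a raw HTTP/1.x request (the raw_request string) into request line, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def triage(report_text, min_severity="Medium"):
    """Index verified ('V') PoCs at or above min_severity by parameter, attach the
    parsed raw request, and list which parameters reflected which characters."""
    report = json.loads(report_text)
    findings = defaultdict(list)
    for poc in report.get("pocs") or []:          # "pocs" is null when nothing was found
        if poc["type"] != "V":
            continue
        if SEVERITY_ORDER.get(poc["severity"], -1) < SEVERITY_ORDER[min_severity]:
            continue
        req = parse_raw_request(poc["raw_request"]) if poc.get("raw_request") else None
        findings[poc["param"]].append({
            "message_id": poc["message_id"],
            "message": poc["message_str"],
            "cwe": poc["cwe"],
            "severity": poc["severity"],
            "host": req["headers"].get("host") if req else None,
            "target": req["target"] if req else None,
        })
    reflected = {p["Name"]: p.get("Chars", [])
                 for p in report.get("params") or [] if p.get("Reflected")}
    return {"findings": dict(findings), "reflected_params": reflected,
            "duration_s": report.get("duration", 0) / 1e9}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Grouping by message_id is what makes the report deduplicable across runs: the same message identifier for the same parameter means the same detection fired, regardless of the exact payload string, so a ticket can be keyed on (param, message_id) rather than on the payload.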

Apple Silicon Docker

Docker images for arm64 (Apple Silicon) are now provided.

More

It also includes various bug fixes and dependency updates, as well as improvements to attack code. :D