Last active
January 16, 2025 21:05
-
-
Save ACK-J/db03595d63052d7db0baa6ac1c21518f to your computer and use it in GitHub Desktop.
A basic Implementation of a report server for an XSS Canary
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from flask import Flask, request | |
| from flask_cors import CORS | |
| import json | |
| app = Flask(__name__) | |
| CORS(app) | |
| @app.route('/xss', methods=['POST']) | |
| def xss_canary(): | |
| # Get JSON data from the request | |
| canary_data = request.get_json() | |
| # List of required fields, with 'dom' as optional | |
| required_fields = ['alert_msg', 'stack', 'url', 'ref', 'timestamp'] | |
| # Ensure the data is present and contains the necessary fields | |
| if not canary_data or not all(key in canary_data for key in required_fields): | |
| return "Invalid data", 400 | |
| # Append the canary data as a JSON object on a new line | |
| with open('xss_canary.json', 'a') as log_file: | |
| json.dump(canary_data, log_file) | |
| log_file.write("\n") # Add a newline after each JSON object | |
| return '', 204 # No content response for success | |
| @app.route('/xss', methods=['GET']) | |
| def xss_get(): | |
| return "It's working!" | |
| if __name__ == '__main__': | |
| app.run(host='0.0.0.0', port=5000) # Default run for testing locally |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment