bayonet icon indicating copy to clipboard operation
bayonet copied to clipboard

Published 20 hours ago verified publisher icon CTF-MissFeng

过时的webhook实现,不适用于现在较新的xray版本了

Open coffeehb opened this issue 3 years ago • 0 comments

使用新版xray测试的漏洞 数据没有写入数据库,分析原因发现是webhook的API解析过时了。测试使用的是xray 1.7.1, webhook的JSON形式如下:

{'data': {'create_time': 1618633896328, 'detail': {'addr': 'http://paidui.meituan.com:80/static/js/queueMerchant.5c31f03fb0aebb92a0ef.js.map', 'extra': {'param': {}}, 'payload': '/static/js/queueMerchant.5c31f03fb0aebb92a0ef.js.map', 'snapshot': [['GET /static/js/queueMerchant.5c31f03fb0aebb92a0ef.js.map HTTP/1.1\r\nHost: paidui.meituan.com:80\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0\r\nAccept: */*\r\nRange: bytes=0-128\r\nSpider-Name: crawlergo\r\n\r\n', 'HTTP/1.1 206 Partial Content\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nConnection: keep-alive\r\nContent-Length: 129\r\nContent-Range: bytes 0-128/314405\r\nContent-Type: application/json; charset=UTF-8\r\nDate: Sat, 17 Apr 2021 04:31:35 GMT\r\nEtag: W/"4cc25-177d7f0af78"\r\nKeep-Alive: timeout=5\r\nLast-Modified: Thu, 25 Feb 2021 06:46:51 GMT\r\nServer: openresty\r\n\r\n{"version":3,"sources":["webpack:///static/js/queueMerchant.5c31f03fb0aebb92a0ef.js","webpack:///./src/components/queue-merchant.']]}, 'plugin': 'dirscan/sourcemap/default', 'target': {'url': 'http://paidui.meituan.com:80/static/js/queueMerchant.5c31f03fb0aebb92a0ef.js.map'}}, 'type': 'web_vuln'}

形式变了,很多字段也不对了,所以下面的代码已经不实用了。

@APP.route('/webhook', methods=['POST'])
def xray_webhook():
    try:
        vuln = request.json
    except:
        pass
    else:
        if 'create_time' in vuln:
            plugin = vuln.get('plugin', '') + '--' +vuln.get('vuln_class', '')
            url = vuln['detail'].get('url')
            payload = vuln['detail'].get('payload', '')
            raw = vuln['detail'].get('request', '')
            print(f'新漏洞:{url}')
            scan_write(plugin, url, payload, raw, flag=False, scan_name='xray')
    finally:
        return "ok"

改改:


@APP.route('/webhook', methods=['POST'])
def xray_webhook():
    try:
        vuln = request.json.get('data')
        print(vuln)
    except Exception as e:
        print(e)
        pass
    else:
        if 'create_time' in str(vuln):
            plugin = vuln.get('plugin', '') + '--' +vuln.get('vuln_class', '')
            url = vuln['detail'].get('addr')
            payload = vuln['detail'].get('payload', '')
            raw = vuln['detail'].get('snapshot', '')[0][0]
            print(f'新漏洞:{url}')
            scan_write(plugin, url, payload, raw, flag=False, scan_name='xray')
    finally:
        return "ok"

coffeehb avatar Apr 17 '21 05:04 coffeehb