XSStrike
XSStrike copied to clipboard
s0md3v
requests.exceptions.ReadTimeout
Describe the bug When I execute the following,I'm going to get an error
(XSStrike) liuf2@liuf2-virtual-machine /u/l/e/XSStrike> python xsstrike.py -u "http://xxxx.xss.xx/level13.php?keyword=gs" -f "default" -d 5
XSStrike v3.1.2
Traceback (most recent call last):
File "xsstrike.py", line 166, in <module>
bruteforcer(target, paramData, payloadList, encoding, headers, delay, timeout)
File "/usr/local/envs/XSStrike/modes/bruteforcer.py", line 35, in bruteforcer
GET, delay, timeout).text
File "/usr/local/envs/XSStrike/core/requester.py", line 41, in requester
timeout=timeout, verify=False, proxies=core.config.proxies)
File "/home/liuf2/.local/share/virtualenvs/XSStrike-D9KbWiUw/lib/python3.6/site-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/home/liuf2/.local/share/virtualenvs/XSStrike-D9KbWiUw/lib/python3.6/site-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/home/liuf2/.local/share/virtualenvs/XSStrike-D9KbWiUw/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/home/liuf2/.local/share/virtualenvs/XSStrike-D9KbWiUw/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/home/liuf2/.local/share/virtualenvs/XSStrike-D9KbWiUw/lib/python3.6/site-packages/requests/adapters.py", line 529, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPConnectionPool(host='xxxx.xss.xx', port=80): Read timed out. (read timeout=10)
As you can see, adding a delay of 5 seconds doesn't help
Potential cause or fix Whether you need to add a failed retry decorator? Use in timeout, or deny connection?
Environment:
- OS: ubuntu18.04
- Python version 3.6
Some Questions
- [✔ ] I am using the latest version of XSStrike.
- [ ✔] I installed the dependecies using
pip3instead ofpip - [✔ ] I have read the documentation before submitting this issue.
- [ ✔] I have checked the other issues to see if someone reported this before.
Other comments Do you have something else to say?
Hello there,
Such network issues don't really indicate a bug in the program itself. From the URL, I assume that you testing against a website that hosts XSS challenges and that's why maybe it uses some measures to prevent automation.
Yes, it is possible that the delay thing might not be working at all. I will check that.
Thanks for reporting it.
Yes, it's not the program itself. If a network exception occurs, retry through the decorator. I think we can reduce the possibility of program exit. This will improve scanning efficiency, don't you think?
Well since this is a ReadTimeout error, you should probably increase the timeout via --timeout parameter. Maybe turn it up to 15s?
Well since this is a ReadTimeout error, you should probably increase the timeout via
--timeoutparameter. Maybe turn it up to 15s?
Yup! But it may be more reliable to retry.