Cookies loading MVP for XSS.is

2026-05-06 14:08:59 +00:00 · 2021-01-21 00:21:04 +03:00
parent 16fb6476c1
commit 69a3d17608
3 changed files with 38 additions and 15 deletions
@@ -0,0 +1,15 @@
+# HTTP Cookie File downloaded with cookies.txt by Genuinous @genuinous
+# This file can be used by wget, curl, aria2c and other standard compliant tools.
+# Usage Examples:
+#   1) wget -x --load-cookies cookies.txt "https://xss.is/search/"
+#   2) curl --cookie cookies.txt "https://xss.is/search/"
+#   3) aria2c --load-cookies cookies.txt "https://xss.is/search/"
+#
+xss.is	FALSE	/	TRUE	0	xf_csrf	PMnZNsr42HETwYEr
+xss.is	FALSE	/	TRUE	0	xf_from_search	google
+xss.is	FALSE	/	TRUE	1642709308	xf_user	215268%2CZNKB_-64Wk-BOpsdtLYy-1UxfS5zGpxWaiEGUhmX
+xss.is	FALSE	/	TRUE	0	xf_session	sGdxJtP_sKV0LCG8vUQbr6cL670_EFWM
+.xss.is	TRUE	/	FALSE	0	muchacho_cache	[&quot;00fbb0f2772c9596b0483d6864563cce&quot;]
+.xss.is	TRUE	/	FALSE	0	muchacho_png	[&quot;00fbb0f2772c9596b0483d6864563cce&quot;]
+.xss.is	TRUE	/	FALSE	0	muchacho_etag	[&quot;00fbb0f2772c9596b0483d6864563cce&quot;]
+.xss.is	TRUE	/	FALSE	1924905600	2e66e4dd94a7a237d0d1b4d50f01e179_evc	[&quot;00fbb0f2772c9596b0483d6864563cce&quot;]
@@ -53,9 +53,6 @@ common_errors = {

 unsupported_characters = '#'

-cookies_file = 'cookies.txt'
-
-
 async def get_response(request_future, site_name, logger):
    html_text = None
    status_code = 0
@@ -310,7 +307,8 @@ def process_site_result(response, query_notify, logger, results_info, site: Maig
 async def maigret(username, site_dict, query_notify, logger,
                  proxy=None, timeout=None, recursive_search=False,
                  id_type='username', debug=False, forced=False,
-                  max_connections=100, no_progressbar=False):
+                  max_connections=100, no_progressbar=False,
+                  cookies=None):
    """Main search func

    Checks for existence of username on various social media sites.
@@ -348,7 +346,16 @@ async def maigret(username, site_dict, query_notify, logger,
    connector = ProxyConnector.from_url(proxy) if proxy else aiohttp.TCPConnector(ssl=False)
    # connector = aiohttp.TCPConnector(ssl=False)
    connector.verify_ssl=False
-    session = aiohttp.ClientSession(connector=connector, trust_env=True)
+
+    cookies_dict = {}
+    if cookies:
+        cookies_obj = cookielib.MozillaCookieJar(cookies)
+        cookies_obj.load(ignore_discard=True, ignore_expires=True)
+
+        for c in cookies_obj:
+            cookies_dict[c.name] = c.value
+
+    session = aiohttp.ClientSession(connector=connector, trust_env=True, cookies=cookies_dict)

    if logger.level == logging.DEBUG:
        future = session.get(url='https://icanhazip.com')
@@ -446,16 +453,6 @@ async def maigret(username, site_dict, query_notify, logger,
                # The final result of the request will be what is available.
                allow_redirects = True

-            # TODO: cookies using
-            # def parse_cookies(cookies_str):
-            #     cookies = SimpleCookie()
-            #     cookies.load(cookies_str)
-            #     return {key: morsel.value for key, morsel in cookies.items()}
-            #
-            # if os.path.exists(cookies_file):
-            #     cookies_obj = cookielib.MozillaCookieJar(cookies_file)
-            #     cookies_obj.load(ignore_discard=True, ignore_expires=True)
-
            future = request_method(url=url_probe, headers=headers,
                                    allow_redirects=allow_redirects,
                                    timeout=timeout,
@@ -660,6 +657,9 @@ async def main():
    parser.add_argument("--json", "-j", metavar="JSON_FILE",
                        dest="json_file", default=None,
                        help="Load data from a JSON file or an online, valid, JSON file.")
+    parser.add_argument("--cookie", metavar="COOKIE_FILE",
+                        dest="cookie_file", default=None,
+                        help="File with cookies.")
    parser.add_argument("--timeout",
                        action="store", metavar='TIMEOUT',
                        dest="timeout", type=timeout_check, default=10,
@@ -886,6 +886,7 @@ async def main():
                                id_type=id_type,
                                debug=args.verbose,
                                logger=logger,
+                                cookies=args.cookie_file,
                                forced=args.use_disabled_sites,
                                max_connections=args.connections,
                                )
@@ -1587,6 +1587,13 @@
            "usernameClaimed": "adam",
            "usernameUnclaimed": "noonewouldeverusethis7"
        },
+        "XSS.is": {
+            "checkType": "status_code",
+            "url": "https://xss.is/index.php?members/find&q={username}&_xfToken=1611176826%2Ce821e74f39e8436e2b599758f6fa5387&_xfRequestUri=%2Fmembers%2F%3Fkey%3Dmost_messages&_xfWithData=1&_xfResponseType=json",
+            "urlMain": "https://xss.is",
+            "usernameClaimed": "adam",
+            "usernameUnclaimed": "noonewouldeverusethis7"
+        },
        "Battleraprus": {
            "tags": [
                "ru",