Cookies are split and added to the webpage object one by one

NetSPI · Sep 14, 2014 · 8f7f266 · 8f7f266
1 parent 84be1ea
commit 8f7f266
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/xss-detector/xss.js b/xss-detector/xss.js
@@ -33,6 +33,22 @@ server = webserver.create();
 var host = '127.0.0.1';
 var port = '8093';
 
+/**
+ * Split cookies by semicolon and add each cookie to the webpage
+ * object separately.
+ */
+parseCookies = function(cookies, wp) {
+	cookieArray = cookies.split(";");
+	for (var i = 0; i < cookieArray.length; i++) {
+		cookieArgs = cookieArray[i].split("=");
+    	wp.addCookie({
+    		'name': cookieArgs[0],
+    		'value': cookieArgs[1]
+    	});
+	}
+	return wp;
+}
+
 /**
  * parse incoming HTTP responses that are provided via BURP intruder.
  * data is base64 encoded to prevent issues passing via HTTP.
@@ -46,7 +62,9 @@ parsePage = function(data,url,cookies) {
 
 	var html_response = "";
 	wp.setContent(data, decodeURIComponent(url));
-	wp.cookies = cookies;
+
+	// Parse cookies from intruder and add to request
+	wp = parseCookies(cookies,wp);
 
 	// Evaluate page, rendering javascript
 	xssInfo = wp.evaluate(function (wp) {