| <html> | |
| <head></head> | |
| <body> | |
| <a href="javascript: alert('clicked xss link')" id="link">click me</a> | |
| <img src="xx" onerror="alert('xss')" /> | |
| </body> | |
| </html> |
| var page = require('webpage').create(), | |
| system = require('system'), | |
| address; | |
| page.onAlert = function (msg) { | |
| console.log("Received an alert: " + msg); | |
| }; | |
| page.onConfirm = function (msg) { | |
| console.log("Received a confirm dialog: " + msg); | |
| return true; | |
| }; | |
| if (system.args.length === 1) { | |
| console.log("Must provide the address of the webpage"); | |
| } else { | |
| address = system.args[1]; | |
| page.open(address, function (status) { | |
| if (status === "success") { | |
| console.log("opened web page successfully!"); | |
| page.evaluate(function () { | |
| // .click() is not standard | |
| // see https://github.com/ariya/phantomjs/issues/11153 | |
| var e = document.createEvent('Events'); | |
| e.initEvent('click', true, false); | |
| document.getElementById("link").dispatchEvent(e); | |
| }); | |
| } | |
| }); | |
| } |
Launch python -m SimpleHTTPServer in the same directory as test.html. By default, the port is 8000.
Then launch phantomJS like this: phantomjs test.js http://localhost:8000/test.html
vagrant@precise64:~$ pjs test.js http://localhost:8000/test.html
Received an alert: xss
opened web page successfully!
Received an alert: clicked xss link
^C