Opera Security Testing UserScripts.

I got this sent in by Sam Aldis, two nice user scripts created for Opera to test the security in websites by automating XSS c.q. SQL injection. This is really useful if you want to test websites actually. Secondly he also has a simple Javascript console, which in term can be quite useful also. I always wanted to write something similar, so nice ideas to expand on. I also thought about the idea to have Opera run on my second PC which will be dedicated in testing websites for instance. This way you can create a Nessus like scanner, integrated in Opera. Why not, it is certainly possible and only limited by your imagination. By the way, did you know that Opera now has a UserScript virtual I/O file-system API in it&#039s new version? this enables you to read and write to the computer it runs on in a safe manner. It creates an environment of more possibilities in stable way for analyzing websites and storing the results if necessary.

aWaT script:

(function(opera){


/*


aWaT - Automated Web Attack (A-Wah)


Created By Sam Aldis


http://darkstar.me.uk





thanks to 0x000000.com for the insperation and introducing me to


opera as well as the layout for the output.


*/





// The getCookie function can be used to retrieve a specific cookie


// this cookie must have been set with the setCookie function


// probably not the easiest way to do it but it works.


getCookie = function(con){


var c = document.cookie;


var cn = con;


var cnm = 0;


var s = 0;


var e = 0;


var xf = 0;


for(i=0;i<c.length;i++){


if(cnm>=cn.length){


var s = i;


}


if(c[i]==cn[cnm]){


cnm++;


}


else{


cnm = 0;


}


if(s != 0 && e == 0){


if(c[i] == ":"){


e = i;


}


}


}


var text = c.substr(s+1,e-s-1);


return(text);


}


// sets a cookie using ":" as the delimiter


// as singular cookies won't have ; at the end.


setCookie = function(cname,data){


void(document.cookie = cname + "=" + data + ":");


}


// set the get vars that maybe vulnerable


var vars = ['q','query','search','page','username','user','id','tag','record','listing','name','type','text','msg','message'];


// sets other variables


var crlf = ". rn";


var xss_msg = "";


// main body of the code


if(getCookie("awat")!="2"){


window.addEventListener('load', function(e) {


if(document.location.href.indexOf("&endt=1")!=-1){


setCookie("awat","2");


}


else{


if(getCookie("awat") != 1){


if(document.body.innerHTML.indexOf("<script>void(192)</script>")== -1){


for(k=0;k<vars.length + 1;k++){


if(document.location.href.indexOf("&" + vars[k] + "=") > 0 || document.location.href.indexOf("?" + vars[k] + "=") > 0){


if(getCookie("awat")==""||getCookie("awat")=="0"){


var cloc = document.location.href;


xss_msg += "Possible XSS in variable " + vars[k] + crlf;


var nloc = cloc + "&" + vars[k] + "=" + "<script>void(192)</script>";


setCookie(


document.location = nloc + "&01536362";


}


}


}


}


else{


xss_msg += "XSS found at location: " + document.location.href + crlf;


xf = 1;


}


}


else{


if(document.body.innerHTML.indexOf("<script>void(192)</script>") == -1){


xss_msg += "No XSS found in page" + crlf;


xf = 1;


}


}


if (xss_msg != '' && xss_msg != undefined ) {


if(xf = 1){


// displays the output text, style taken from arioso created


// by 0x000000.com.


var p = document.createElement('a');


p.style.position = 'fixed';


p.style.top = '0px';


p.style.left = '0px';


p.style.width = '100%';


p.style.opacity = '.90';


p.style.filter = 'alpha(opacity=90)';


p.style.border = '1px dotted #f30';


p.style.padding = '3px';


p.style.font = '8pt sans-serif';


p.style.backgroundColor = '#f00';


p.style.color = '#fff';


p.href = document.location + "&endt=1";


p.appendChild(document.createTextNode('aWa message: ' + xss_msg + " Click to stop testing on this domain"));


document.body.appendChild(p);


if(document.location.href.indexOf("&01536362") == -1){


setCookie("awat","0");


}


else{


setCookie("awat","1");


}


}


}


}


}, false);


}


})(window.opera);

Javascript console script:

/*


Javascript Console@http://www.google.co.uk/js


created by Sam Aldis





A very simple way to execute javascript in your browser.


*/


(function(opera){


window.addEventListener('load',function(e) {


if(document.location.href == "http://www.google.co.uk/js"){


document.title = "JS Console";


document.body.innerHTML = "<style>body{ background-color: black; color: red;}textarea{background-color:black; color: red;}input{background-color: black; color: red;}</style><div align='center'><img src='http://www.google.co.uk/intl/en_uk/images/logo.gif'><br /><textarea id='js' name='js' cols='60' rows='20'>javascript</textarea><br /><input type='button' value='Eval' onclick='eval(document.getElementById("js").value)'></div>";


}},false);


})(window.opera);