I'm trying to use CasperJS for HTTP auth to an app then make a second request which if successful should trigger an XSS payload to send the cookies out. I know the auth works as the below code successfully triggers the XSS (I can see the outbound request), however no cookies are sent. I've found things like https://gist.github.com/alvises/6b159300a3f5f09de75f however I can't get anything to work so that cookies are sent with the second request (urlAfterLoggedIn). Could anyone shed any light please?
var casper = require('casper').create({verbose: true, logLevel: 'debug'});
var urlBeforeLoggedIn = "http://127.0.0.1:xxxx/login.jsp";
var urlAfterLoggedIn = "http://127.0.0.1:xxxx/xxxxxxxxxxx?edit=true&bookmarkID=2";
casper.start(urlBeforeLoggedIn)
casper.waitForSelector('form[method="post"]', function() {
casper.fillSelectors('form[method="post"]', {
'input[name="username"]': 'xxxxxxxxxxxxx',
'input[name="password"]': 'xxxxxxxxxxxxx'
}, true);
});
casper.thenOpen(urlAfterLoggedIn)
casper.run();
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
