Introduction
ezXSS is a XSS platform that can test (blind) Cross Site Scripting, steal cookies and other attacks. It is a open source XSS platform, you can find the source code in Github. However, the original source did not give NGINX Rewrite rules.
This article will show you ezXSS NGINX rewrite rules.Therefore, you can build your ezXSS with NGINX.
Environment
NGINX V1.14.0
PHP 7.1.17
MySQL 5.7.22
Rewrite Rule
Author have already given us the Apache .htaccess files. So, what we need to do is that just convert the Apache .htaccess to Nginx. I have tried the online convert websites, but they did not work. Therefore, I create one.
#Rule start #Add Header add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST'; add_header 'Access-Control-Allow-Headers' 'origin, x-requested-with, content-type'; #Re-write Rule location / { rewrite ^/callback/?$ /callback.php last; } location /manage { if ($uri !~ "assets") { set $rule_0 1$rule_0; } if ($rule_0 = "1") { rewrite ^/(.*)$ /manage/index.php; } } #Rule end
You can add above code to your NGINX configure file. Then, restart your NGINX.
For instance:
server { listen 443 ssl http2; server_name example.com; index index.html index.htm index.php; root /var/local/www/; ..... Add Rewrite Rules; ..... }
Testing
After edit NGINX configure file, please restart NGINX. Then, the website should work.
I have already submitted a pull request, after author confirm, you can find it in the Github.