Introduction

ezXSS is a XSS platform that can test (blind) Cross Site Scripting, steal cookies and other attacks. It is a open source XSS platform, you can find the source code in Github. However, the original source did not give NGINX Rewrite rules.

This article will show you ezXSS NGINX rewrite rules.Therefore, you can build your ezXSS with NGINX.

Environment

NGINX V1.14.0

PHP 7.1.17

MySQL 5.7.22

Rewrite Rule

Author have already given us the Apache .htaccess files. So, what we need to do is that just convert the Apache .htaccess to Nginx. I have tried the online convert websites, but they did not work. Therefore, I create one.

#Rule start
#Add Header
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST';
add_header 'Access-Control-Allow-Headers' 'origin, x-requested-with, content-type';

#Re-write Rule
location /
{
	rewrite ^/callback/?$ /callback.php last;
}

location /manage
{
	if ($uri !~ "assets")
	{
		set $rule_0 1$rule_0;
	}
	
	if ($rule_0 = "1")
	{
		rewrite ^/(.*)$ /manage/index.php;
	}
}
#Rule end

You can add above code to your NGINX configure file. Then, restart your NGINX.
For instance:

server
    {
        listen 443 ssl http2;
        server_name example.com;
        index index.html index.htm index.php;
        root  /var/local/www/;
        .....
        Add Rewrite Rules;
        .....
    }

Testing

After edit NGINX configure file, please restart NGINX. Then, the website should work.

ezXSS

I have already submitted a pull request, after author confirm, you can find it in the Github.

SpZ

SpZ's Blog

ezXSS NGINX Rewrite Rules

Introduction

Environment

Rewrite Rule

Testing