diff --git a/FransLinkfinder.py b/FransLinkfinder.py index d8802d0..cadeb35 100644 --- a/FransLinkfinder.py +++ b/FransLinkfinder.py @@ -239,22 +239,22 @@ def doPassiveScan(self, ihrr): if ".js" in str(urlReq): # Exclude casual JS files if any(x in testString for x in JSExclusionList): - self.callbacks.printOutput("\n" + "[-] URL excluded " + str(urlReq)) + self.callbacks.printOutput("\n" + "[-] URL excluded " + cgi.escape(str(urlReq), quote=True)) else: - self.outputTxtArea.append("\n" + "[+] Valid URL found: " + str(urlReq)) + self.outputTxtArea.append("\n" + "[+] Valid URL found: " + cgi.escape(str(urlReq), quote=True)) issueText = linkA.analyseURL() links = [] full_urls = [] highlights = [] for counter, issueText in enumerate(issueText): - self.outputTxtArea.append("\n" + "\t" + issueText['link']) + self.outputTxtArea.append("\n" + "\t" + cgi.escape(issueText['link'], quote=True)) if linkA.valcheckFullURL(issueText['link']) and linkA.valcheckMappedList(issueText['link'],self.mapTxtArea): - self.mapTxtArea.append("\n" + issueText['link']) + self.mapTxtArea.append("\n" + cgi.escape(issueText['link'], quote=True)) full_urls += [issueText['link']] elif not linkA.valcheckFullURL(issueText['link']): fullURL = urlparse.urljoin(urlparse.urljoin(str(urlReq), '/'),issueText['link']) if linkA.valcheckMappedList(fullURL,self.mapTxtArea): - self.mapTxtArea.append("\n" + fullURL) + self.mapTxtArea.append("\n" + cgi.escape(fullURL, quote=True)) full_urls += [fullURL] lh = [issueText['start'],issueText['end']] @@ -271,7 +271,7 @@ def doPassiveScan(self, ihrr): filNam = filNam if (linkA.checkValidFile(filNam)) and (filNam not in self.filesTxtArea.text): - self.filesTxtArea.append("\n" + filNam) + self.filesTxtArea.append("\n" + cgi.escape(filNam, quote=True)) issues = ArrayList() if links != []: 
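Review bot: The duplicate checks in this hunk still test the raw value against text areas that now store the escaped value, so a link containing `&`, `<`, `>` or `"` will no longer match its stored form and can be appended again on every scan. This applies to `linkA.valcheckMappedList(issueText['link'],self.mapTxtArea)` and `linkA.valcheckMappedList(fullURL,self.mapTxtArea)`, each followed by an append of the `cgi.escape(...)` result; valcheckMappedList is defined outside the diff, so this assumes it searches the text area's contents. The next hunk (`@@ -271,7 +271,7`) shows the same mismatch directly, where `filNam not in self.filesTxtArea.text` guards an append of the escaped name and could become `cgi.escape(filNam, quote=True) not in self.filesTxtArea.text`. Escaping once into a local, for example `safeLink = cgi.escape(issueText['link'], quote=True)`, and using it for both the check and the append keeps the two sides in step. Separately, no hunk before line 239 adds `import cgi`, so these calls rely on the module already importing it; doPassiveScan begins and ends outside both hunks.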
@@ -526,12 +526,12 @@ def __init__(self, reqres, helpers, callbacks, links, full_urls, highlights): self.issue_detail = "Burp Scanner has analysed this JS file and has discovered the following link values: