# XssAPP

**Repository Path**: master336/XssAPP

## Basic Information

- **Project Name**: XssAPP
- **Description**: No description available
- **Primary Language**: CSS
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 34
- **Created**: 2017-08-21
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized
**Tags**: None

## README

# XssAPP

## Remark

XssAPP is a professional XSS vulnerability testing platform: a management platform that provides XSS vulnerability testing for hackers. Do you know what hackers do?

## Technology

Spring MVC, Hibernate, Spring AOP, Java reflection, annotations, C3P0, Memcached...

## Platform Overview

Users who browse websites, use instant messaging software, or even read e-mail usually click on links. By inserting malicious code into a link, an attacker may be able to steal user information. Attackers often encode links in hexadecimal (or another encoding) so that users do not question their legitimacy. After receiving a request that contains malicious code, the website produces a page that contains that malicious code, and this page looks exactly like a legitimate page the website would have generated. Many popular guestbook and forum programs allow users to leave posts that contain HTML and JavaScript. Suppose user A publishes a post that contains a malicious script; when user B browses this post, the malicious script executes and steals user B's session information. The attack is described in detail below.

## Attack Classification

People often abbreviate XSS (Cross Site Scripting) as CSS, but that is easily confused with the acronym for Cascading Style Sheets (CSS). So cross-site scripting attacks are abbreviated as XSS. If you hear someone say "I found an XSS vulnerability", they are obviously talking about a cross-site scripting attack.
## Extended Type

1. Persistent (stored) cross-site scripting: the most directly harmful type; the cross-site code is stored on the server (in the database).
2. Non-persistent cross-site scripting (reflected XSS): the most common type. The user accesses the server through a cross-site link, and the server returns the cross-site code.
3. DOM cross-site scripting (DOM XSS): the result of client-side script processing logic on the DOM (Document Object Model).

## Hazard Vulnerability

To collect user information, the attacker usually inserts JavaScript, VBScript, ActiveX or Flash into a vulnerable program to deceive users (see below). Once this succeeds, they can steal user accounts, modify user settings, steal or poison cookies, insert false advertising, and so on. Every day a large number of malicious XSS attacks occur. Brett Moore's article describes in detail the "denial of service attack", in which a user is "automatically attacked" simply by reading an article.

## Structure

### 4.1.1.1 com.xss.web.util (utility collection)

- CommonUtils: general utility operations
- Constants: stores system constants or enumerations
- DateUtils: date operations
- EmailSenderUtil: sends mail
- EncryptionUtil: password encryption
- FileUtils: file read/write
- HibernateConfigurationUtil: common Hibernate operations
- HqlUtil: HQL statement conversion
- HTMLSpirit: HTML operations
- HttpUtil: HTTP requests
- IPager: pagination interface
- JsonUtil: JSON test tool
- JSONWriter: JSON conversion
- JUUIDUtil: UUID generation
- MsgEntity: system message container
- PropresUtil: object manipulation
- ReqJsonUtil: Gson-based JSON operations
- RequestUtil: request conversion
- SpringContextHelper: obtains beans from the Spring container
- StringUtils: string manipulation
- UploadUtil: file upload
- VerificationCodeUtil: verification code generation

### 4.1.1.2 com.xss.web.annotation (annotation collection)

- CacheHandle: add-to-cache annotation
- DelCacheHandle: delete-from-cache annotation
- UpdateCacheHandle: update-cache annotation

### 4.1.1.3 com.xss.web.aspect (AOP layer)

- CacheAspect: AOP implementation of the cache classes

### 4.1.1.4 com.xss.web.base (public foundation layer)

- com.xss.web.base.cache: base cache implementation
- com.xss.web.base.dao: Hibernate persistence layer
- com.xss.web.base.page: pagination object implementation
- com.xss.web.base.thread: system thread pool utilities
- com.xss.web.base.wrapper: XSS defense container

### 4.1.1.5 com.xss.web.cache (caching layer)

- com.xss.web.cache.base: base cache
- AdminCache: back-office user class
- EmailCache: mail operations class
- InviteCache: invitation code operations class
- LetterCache: letter management
- MenuCache: back-office menu category
- ModuleCache: template class
- ProjectCache: project class
- RoleCache: back-office role class
- SettingCache: site settings class
- SuffixCache: website suffix class
- UserCache: user class

### 4.1.1.6 com.xss.web.controllers (controller layer)

- com.xss.web.controllers.base: public controller superclass
- AdminController: back-office management operations
- Controller: front-end home page and related functions
- Scontroller: receiving class
- UserController: front-end member operations

### 4.1.1.7 com.xss.web.entity (system tool objects)

- HqlEntity: HQL object
- HttpEntity: HTTP object
- MsgEntity: system message container
- BeanFieldEntity: reflection common object
- Record: map wrapper
- SimpleConcurrentMap: map wrapper used as cache container
- ThisWhere: HQL where-condition object
- Where: HQL where-condition object

### 4.1.1.8 com.xss.web.filter (filter layer)

- AdminFilter: administration filter, including permission interception, menu loading, etc.
- BaseFilter: basic filter, including loading the project base address
- SuffixFilter: suffix filter, implementing the system-controlled suffix setting or pseudo-static URLs
- UserFilter: user filter, intercepting on user identity
- XssFilter: prevents XSS attacks against the system itself

### 4.1.1.9 com.xss.web.model

System entity objects (Hibernate generated), omitted.

### 4.1.1.10 com.xss.web.service

Service layer, omitted.

### 4.1.1.11 com.xss.web.task (timers)

- EmailInitTask: timer that activates mail status

## Table Remark

1) User information table `user`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| user_name | varchar | 24 | Not Null | username, cannot be empty |
| user_pwd | varchar | 40 | Not Null | user password, cannot be empty |
| mobile | varchar | 20 | Null | phone number |
| email | varchar | 32 | Null | mailbox |
| create_time | timestamp | | Not Null | creation time |
| uuid | varchar | 32 | Not Null | unique identifier |

2) Module table `module`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| user_id | Int | 11 | Not Null | user ID |
| title | varchar | 128 | Not Null | module title |
| remark | varchar | 1024 | Null | description |
| content | mediumblob | 16777216 | Not Null | content |
| type | Int | 1 | Not Null | type (0 = system module, otherwise user module) |
| update_time | datetime | | Not Null | update time |

3) Project table `project`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| module_id | Int | 11 | Not Null | module ID |
| user_id | Int | 11 | Not Null | user ID |
| title | varchar | 128 | Not Null | project title |
| remark | varchar | 1024 | Null | description |
| update_time | datetime | | Not Null | create/update time |
| uuid | varchar | 32 | Null | unique identifier |
| uri | varchar | 255 | Null | import URL |
| sort_uri | varchar | 255 | Null | short import URL |
| open_mobile | Int | 1 | Null | whether phone receiving is enabled: 0 off, 1 on |
| open_email | Int | 1 | Null | whether mailbox receiving is enabled: 0 off, 1 on |
| filter | | | Null | filtered source addresses; multiple addresses separated by commas |

4) Letter table `letter`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| project_id | Int | 11 | Not Null | project ID |
| ref_url | varchar | 1024 | Null | source address |
| update_time | datetime | 19 | Null | update time |
| uuid | varchar | 32 | Null | unique identifier |
| context | varchar | 65535 | Null | letter contents |
| ip | varchar | 32 | Null | IP address |

5) Letter contents table `letter_paras`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| letter_id | varchar | 1024 | Null | letter ID |
| para_name | Int | 64 | Not Null | parameter name |
| para_value | datetime | 19 | Null | parameter value |
| update_time | varchar | 32 | Null | update time |

6) System settings table `setting`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| site_name | varchar | 1024 | Not Null | site name |
| keywords | varchar | 1024 | Not Null | keywords |
| description | varchar | 1024 | Null | description text |
| copyright | varchar | 128 | Null | copyright |
| letter_api | varchar | 255 | Null | API address |
| open_reg | Int | 1 | Not Null | open registration: 0 off, 1 on, default 0 |
| open_invite | Int | 1 | Not Null | invitation-code registration: 0 off, 1 on, default 0 |

7) Invitation code table `invite`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| invite_code | varchar | 32 | Not Null | invitation code |
| status | Int | 1 | Not Null | status: 0 used, 1 unused |
| user_id | Int | 11 | Null | registered user |
| update_time | datetime | | Not Null | create/update time |
| exp_time | datetime | | Not Null | expiration time |

8) Admin table `admin`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| user_name | varchar | 32 | Not Null | username |
| user_pwd | varchar | 32 | Not Null | password |
| role_id | Int | 11 | Not Null | associated role_id |

9) Back-office role table `role`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| name | varchar | 64 | Not Null | role name |
| menus | varchar | 1024 | Null | menu ID set, comma separated |

10) Menu table `menus`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| title | varchar | 64 | Not Null | menu name |
| url | varchar | 255 | Not Null | menu address |
| type | Int | 1 | Not Null | menu type: 0 top-level menu, 1 secondary menu, default 0 |
| up_id | Int | 11 | Not Null | parent ID, associated with this table's id |
| seq | Int | 11 | Null | sort order; smaller values appear first |
| code | varchar | 11 | Null | privilege code |

11) Mailbox table `email`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| smtp | varchar | 32 | Null | server |
| email | varchar | 32 | Null | mail account |
| password | varchar | 32 | Null | password |
| bak_smtp | varchar | 32 | Null | backup server |
| bak_email | varchar | 32 | Null | backup mail account |
| bak_password | varchar | 32 | Null | backup password |

12) Website suffix table `suffix`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| suffix | varchar | 32 | Not Null | suffix |
| status | varchar | 32 | Not Null | status: 0 off, 1 on, 2 default |

13) Static website suffix table `suffix_static`

| Field Name | Field Type | Length | Nullable | Description |
|---|---|---|---|---|
| id | Int | 11 | Not Null | primary key, cannot be empty |
| suffix | varchar | 32 | Not Null | suffix |