Posted By

MMDeveloper on 09/16/08


Tagged

ajax php server script xss proxy


Versions (?)

Who likes this?

6 people have marked this snippet as a favorite

Jacolyte
elgermano
craiga
umang_nine
fabiobruna
wirenaught


AJAX XSS Proxy Script


 / Published in: PHP
 

URL: http://www.mechanicmatt.com

OOP class Proxy Server script, requires CURL. This was designed to be used with AJAX. Just point your AJAX script to post to this script passing the post action as $url. CURL will handle it from there and echo the response. To access the response, simply look at $phpProxy->response;

  1. <?php
  2.  
  3. /*
  4. By: Matt Ford
  5.  
  6. Purpose: This is a PHP powered proxy script for XSS scripting
  7. */
  8.  
  9. class phpProxy {
  10. public $url = null; //request url
  11. public $headers = null; //boolean headers
  12. public $mimeType = null; //mimetype of response
  13.  
  14. private $session = null; //curl session
  15. public $response = null; //curl response
  16.  
  17. public function __construct($request) {
  18. $this->phpProxy($request);
  19. }
  20.  
  21. public function phpProxy($request) {
  22. $this->url = trim($request["url"]);
  23. $this->headers = trim($request["headers"]);
  24. $this->mimeType = trim($request["mimeType"]);
  25.  
  26. if ($this->url != "") {
  27. $this->initRequest();
  28. }
  29. else {
  30. $this->response = null;
  31. }
  32. }
  33.  
  34. private function initRequest() {
  35. $this->session = curl_init($this->url);
  36.  
  37. if ($_SERVER["REQUEST_METHOD"] == "POST") {
  38. $postVars = array();;
  39.  
  40. foreach ($_POST as $k => $v) {
  41. $postVars[] = $k . "=" . $v;
  42. }
  43.  
  44. $postVars = implode("&", $postVars);
  45.  
  46. curl_setopt ($this->session, CURLOPT_POST, true);
  47. curl_setopt ($this->session, CURLOPT_POSTFIELDS, $postVars);
  48. } else {}
  49.  
  50. curl_setopt($this->session, CURLOPT_HEADER, ($this->headers == "true") ? true : false);
  51. curl_setopt($this->session, CURLOPT_FOLLOWLOCATION, true);
  52. curl_setopt($this->session, CURLOPT_RETURNTRANSFER, true);
  53.  
  54. $this->response = curl_exec($this->session);
  55.  
  56. if ($this->mimeType != "") {
  57. header("Content-Type: " . $this->mimeType);
  58. } else {}
  59.  
  60. //echo $this->response;
  61. curl_close($this->session);
  62. }
  63. }
  64.  
  65. $phpProxy = new phpProxy($_REQUEST);
  66. ?>

Report this snippet  

You need to login to post a comment.