From 0491c18ebe5dbeeeb2f2b20e93f881ec9f10a41c Mon Sep 17 00:00:00 2001
From: Somdev Sangwan <s0md3v@gmail.com>
Date: Wed, 14 Nov 2018 23:53:18 +0530
Subject: [PATCH 1/4] Add files via upload

---
 core/config.py        | 2 +-
 core/fuzzer.py        | 2 +-
 core/wafDetector.py   | 2 +-
 db/wafSignatures.json | 2 +-
 xsstrike.py           | 8 ++++----
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/core/config.py b/core/config.py
index 4b9a595a..9f997c61 100644
--- a/core/config.py
+++ b/core/config.py
@@ -1,4 +1,4 @@
-changes = '''detection of up to 66 WAFs'''
+changes = '''bug fixes;detection of up to 66 WAFs'''
 
 defaultEditor = 'nano'
 blindPayload = '' # your blind XSS payload
diff --git a/core/fuzzer.py b/core/fuzzer.py
index 1887b25f..352ea68b 100644
--- a/core/fuzzer.py
+++ b/core/fuzzer.py
@@ -40,7 +40,7 @@ def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
                 limit -= 1
                 sleep(1)
             try:
-                requests.get(url, timeout=5, headers=headers)
+                requester(url, params, headers, GET, 0, 10)
                 print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)
             except:
                 print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
diff --git a/core/wafDetector.py b/core/wafDetector.py
index d0905dd5..43177e3c 100644
--- a/core/wafDetector.py
+++ b/core/wafDetector.py
@@ -35,4 +35,4 @@ def wafDetector(url, params, headers, GET, delay, timeout):
         else:
             return None
     else:
-        return None
+        return None
\ No newline at end of file
diff --git a/db/wafSignatures.json b/db/wafSignatures.json
index 7c91b339..a381b09f 100644
--- a/db/wafSignatures.json
+++ b/db/wafSignatures.json
@@ -329,4 +329,4 @@
 		"page" : "<img class=.yunsuologo.",
 		"headers" : "yunsuo_session"
 	}
-}
+}
\ No newline at end of file
diff --git a/xsstrike.py b/xsstrike.py
index 9f0fad1f..b5154408 100644
--- a/xsstrike.py
+++ b/xsstrike.py
@@ -6,7 +6,7 @@
 
 # Just a fancy ass banner
 print('''%s
-\tXSStrike %sv3.0.2
+\tXSStrike %sv3.0.3
 %s''' % (red, white, end))
 
 try:
@@ -213,10 +213,10 @@ def singleTarget(target, paramData, verbose, encoding):
                     print ('%s Efficiency: %i' % (info, bestEfficiency))
                     print ('%s Confidence: %i' % (info, confidence))
 
-def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload):
+def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout):
     signatures = set()
     if domURL and not skipDOM:
-        response = requests.get(domURL).text
+        response = requester(domURL, {}, headers, True, delay, timeout).text
         highlighted = dom(response)
         if highlighted:
             print ('%s Potentially vulnerable objects found at %s' % (good, domURL))
@@ -316,7 +316,7 @@ def bruteforcer(target, paramData, payloadList, verbose, encoding):
         for i in range(difference):
             domURLs.append(0)
     threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
-    futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload) for form, domURL in zip(forms, domURLs))
+    futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout) for form, domURL in zip(forms, domURLs))
     for i, _ in enumerate(concurrent.futures.as_completed(futures)):
         if i + 1 == len(forms) or (i + 1) % threadCount == 0:
             print('%s Progress: %i/%i' % (info, i + 1, len(forms)), end='\r')

From 7dd672748695a48f57fe2a15d640342d1f4591c0 Mon Sep 17 00:00:00 2001
From: Somdev Sangwan <s0md3v@gmail.com>
Date: Wed, 14 Nov 2018 23:54:25 +0530
Subject: [PATCH 2/4] Update wafSignatures.json

---
 db/wafSignatures.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db/wafSignatures.json b/db/wafSignatures.json
index a381b09f..7c91b339 100644
--- a/db/wafSignatures.json
+++ b/db/wafSignatures.json
@@ -329,4 +329,4 @@
 		"page" : "<img class=.yunsuologo.",
 		"headers" : "yunsuo_session"
 	}
-}
\ No newline at end of file
+}

From 9afc75bdc5d4f199caaec71e0de8a7dda848c6e5 Mon Sep 17 00:00:00 2001
From: Somdev Sangwan <s0md3v@gmail.com>
Date: Wed, 14 Nov 2018 23:55:09 +0530
Subject: [PATCH 3/4] Update wafDetector.py

---
 core/wafDetector.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/wafDetector.py b/core/wafDetector.py
index 43177e3c..a56584c0 100644
--- a/core/wafDetector.py
+++ b/core/wafDetector.py
@@ -35,4 +35,5 @@ def wafDetector(url, params, headers, GET, delay, timeout):
         else:
             return None
     else:
-        return None
\ No newline at end of file
+        return None
+ 

From 7d790fe2ebe245b5cc1add820ba4249687a37acc Mon Sep 17 00:00:00 2001
From: Somdev Sangwan <s0md3v@gmail.com>
Date: Wed, 14 Nov 2018 23:55:55 +0530
Subject: [PATCH 4/4] Update wafDetector.py

---
 core/wafDetector.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/core/wafDetector.py b/core/wafDetector.py
index a56584c0..d0905dd5 100644
--- a/core/wafDetector.py
+++ b/core/wafDetector.py
@@ -36,4 +36,3 @@ def wafDetector(url, params, headers, GET, delay, timeout):
             return None
     else:
         return None
-