TypeError: decoding to str: need a bytes-like object, NoneType found
Dylan886 opened this issue · comments
When i run the xsser in my python3.7 , an error occurred
File "D:\tool\xsser\core\curlcontrol.py", line 454, in info
m['content-type'] = (self.handle.getinfo(pycurl.CONTENT_TYPE)).strip( ';')
TypeError: decoding to str: need a bytes-like object, NoneType found
How could i resolve this? i think it is a compatibility issues between py2.x and py3.x.
I think the issue is coming from pycurl, which is unable to retrieve a content type for whatever reason. Take a look at #47 for a workaround.
Yep,i watch your code and try it again,the problem doesn't happen again,but another issue coming,about field accept not be declared, http-code: 406 and [WinError 10057]
Please, try it with: Python3.5.x
Describe the bug
XSSer crashes when response contains no content-type header.
To Reproduce
- Run an instance of DVWA: https://hub.docker.com/r/vulnerables/web-dvwa
- Run
xsser -u <dvwa_address>/cdn-cgi/email-protection/XSS
- XSSer crashes
Expected behavior
There should be no crash and execution should continue as normal.
Running environment:
- XSSer 1.8.2
- Installation method: apt
- Operating system: Kali 2019.4
- Python version 3.7.5
Target details:
- The response from
/cdn-cgi/email-protection/<hash>
has no Content-Type header, which is probably what's causing the crash. - Exception traceback:
Traceback (most recent call last):
File "xsser", line 35, in <module>
app.run()
File "/usr/share/xsser/core/main.py", line 2717, in run
self.poll_workers()
File "/usr/share/xsser/core/main.py", line 2234, in poll_workers
self.pool.poll()
File "/usr/share/xsser/core/threadpool.py", line 358, in poll
request.callback(request, result)
File "/usr/share/xsser/core/main.py", line 916, in _cb
query_string, url, dest_url)
File "/usr/share/xsser/core/main.py", line 1029, in finish_attack_url_payload
if c.info()["http-code"] in ["200", "302", "301"]:
File "/usr/share/xsser/core/curlcontrol.py", line 454, in info
m['content-type'] = (self.handle.getinfo(pycurl.CONTENT_TYPE) or '').strip(';')
TypeError: decoding to str: need a bytes-like object, NoneType found
All right.
Describe the bug
XSSer report that http-code:406 and the [WinError 10057] .
To Reproduce
Run an instance of my private web
Run xsser -u
Expected behavior
There should be no crash and execution should continue as normal.
Running environment:
XSSer 1.8.2
Operating system: windows10
Python version 3.7.2
Target details:
- http-code:406, ( i think it's the issue coming from the request, maybe some field loss, like line 103 in core/curlcontrol.py )
[Client Request]
Cookie: ASESSIONID=<...>
User Agent:<...>
Referer: <...>
Extra Headers: None
X-Forwarded-For: None
X-Client-IP: None
Authentication Type: None
Authentication Credentials: None
Proxy: None
Timeout: 30
Delaying: 0 seconds
Delaying: 0 seconds
Retries: 1
[Server Reply]
http-code: 406
total-time: 1.172258
namelookup-time: 6.7e-05
connect-time: 1.0399
header-size: 564
request-size: 598
response-code: 406
cookielist: []
- WinError 10057
File "xsser", line 36, in <module>
app.land(True)
File "D:\tool\xsser\core\main.py", line 2779, in land
self.hub.shutdown()
File "D:\tool\xsser\core\tokenhub.py", line 64, in shutdown
self.socket.shutdown(socket.SHUT_RDWR)
OSError: [WinError 10057] A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied```
Did you read me? -> #48 (comment)