Another greasemonkey XSS-helper
Posted by: holiman
Date: January 25, 2009 09:43AM

Hi,

I created a little GM helper utility to find the low-hanging fruits, XSS-wise, just to quickly check if a page suffers from the most common xss:es.

This is how it works :
* Go to a site, select "Quick XSS-scan". The links in the page are counted, and the ones with parameters in them are permuted, so that for example "test?a=b&c=d" generates two requests: "test?a=b<payload>&c=d" and "test?a=b&c=d<payload>". A prompt tells you how many requests it wants to make; you can look at them or run them. Hit enter to run.

* The requests are then made sequentially, so as not to mess with app logic or burden the server too much. Each returned page is scanned for a certain signature, which may indicate that the page is xss:able.

* The quick scan tries to inject ' " < into a page with only one request, while the more thorough scan tries each character separately. The quick one most often does the trick quite well, and does not generate as many permutations.

Limitations:
- It does not attempt to do any form POSTings. Maybe that will be added as an extra option if I find it useful.
- It does not traverse, it just executes the links from the page you are on.
- To save and analyze the results, the easiest is to cut'n'paste into a spreadsheet (|-separated data).
- It can make mozilla unresponsive if there are very large amounts of links.

If anyone is interested in testing it, it is available at bitbucket:
Project: http://bitbucket.org/holiman/jinx/overview/
GM-script: http://bitbucket.org/holiman/jinx/raw/tip/jinx.user.js

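The link permutation and response-signature check the post describes, as an added example in plain JavaScript (this is not the jinx script from bitbucket); the marker prefix `zqxj`, the `fakeFetch` stand-in server and the sample URLs are constructed for the demo, and the classification also reports when the value came back HTML-encoded, which is the output-encoding behaviour a defender wants to confirm.

```javascript
// Added example, not the jinx script: permutation + signature check, runs offline in Node.js.
const MARKER = "zqxj";            // constructed prefix, unlikely to pre-exist in a page
const PAYLOAD = MARKER + "'\"<";  // quick scan: all three characters in one request

// "test?a=b&c=d" -> ["test?a=b<payload>&c=d", "test?a=b&c=d<payload>"]
function permuteLink(url, payload = PAYLOAD) {
  const q = url.indexOf("?");
  if (q < 0) return [];                                   // no parameters: nothing to inject
  const params = url.slice(q + 1).split("&").filter(Boolean);
  return params.map((_, i) =>
    url.slice(0, q + 1) +
    params.map((p, j) => (j === i ? p + payload : p)).join("&"));
}

// The signature: "raw" = marker and all three characters echoed unencoded (reflection
// likely exploitable); "encoded" = marker echoed but characters escaped (output encoding
// in place); "none" = the parameter value is not reflected at all.
function classify(html, payload = PAYLOAD) {
  if (html.includes(payload)) return "raw";
  if (html.includes(MARKER)) return "encoded";
  return "none";
}

// Issue the permutations one at a time (as the post does) and build the
// |-separated rows meant for pasting into a spreadsheet.
async function quickScan(links, fetchPage) {
  const rows = [];
  for (const link of links) {
    for (const req of permuteLink(link)) {
      rows.push(req + "|" + classify(await fetchPage(req)));
    }
  }
  return rows;
}

// Constructed stand-in for a server: echoes every parameter into an input
// field, HTML-encoding the value only for parameter "c".
const escapeHtml = (s) => s.replace(/[&<>"']/g,
  (ch) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[ch]));
async function fakeFetch(req) {
  const fields = req.slice(req.indexOf("?") + 1).split("&").map((p) => {
    const [name, value = ""] = p.split("=");
    return `<input name="${name}" value="${name === "c" ? escapeHtml(value) : value}">`;
  });
  return `<html><body>${fields.join("")}</body></html>`;
}

quickScan(["http://example.test/search?a=b&c=d", "http://example.test/about"], fakeFetch)
  .then((rows) => rows.forEach((r) => console.log(r)));
```

Against the constructed server, parameter "a" is reported as raw and "c" as encoded, and the parameterless link produces no requests.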