snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. The approach, it adopts, is based on the inspection of the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser, a real web browser is driven for reproducing the attacker's behavior and possibly the victim's.
Download -
snuck-0.1.zip - updated version on 23-oct-2012
Executable jar and malicious payloads
This release is the same as the "first release", it just includes the required files for licensing purposes - which were missing - and a brief README.
snuck.zip - older version
Source -
Tutorial -
Screenshot -
0 comments:
Post a Comment