Eric

Ra.2 - Blackbox DOM XSS Scanner


Posted

Ra.2 - Blackbox DOM-based XSS Scanner is an approach towards finding a solution to the problem of detecting DOM-based Cross-Site Scripting vulnerabilities in web applications automatically, effectively and fast.

Ra.2 is basically a lightweight Mozilla Firefox add-on that uses a very simple yet effective and unique approach to detect most DOM-based XSS vulnerabilities, if not all.

Being a browser add-on, it is a session-aware tool which can scan a web application that requires authentication. Ra.2 uses a custom-collected list of XSS vectors which has been heavily modified to be compatible with its scanning technology. The add-on also implements basic browser instrumentation to simulate human interaction in order to trigger some hard-to-detect DOM-based XSS conditions.

Features

False positive free by design: Vulnerable URLs are saved in the DB if, and only if, our payload is executed successfully by the browser. Hence they are marked exploitable. If it isn't a false positive, it's a bug! Report it to us.
Large collection of injection vectors, including "modified" RSnake's vectors as well.
Supports transforming Unicode characters for testing content-aware applications.
Automatically handles JavaScript obfuscation/compression, as it relies on the native interpreter.
Fast and light-weight.
Pretty easy learning curve. Point-n-Click.

DOWNLOAD: https://code.google.com/p/ra2-dom-xss-scanner/downloads/list

Posted (edited)

From what the readme says it has only been tested on Mac; it seems easy to install on Windows, and as for Linux I have no idea whether it works, you would have to put the files in the Firefox folder.


README
______

Report bugs to nishant.dp@gmail.com or http://code.google.com/p/ra2-dom-xss-scanner/issues

Installation
------------
Copy the entire "ra2" folder to "/Users/Shared/"
Copy the file "ra2@domxssscanner.app"
Start FireFox.
Type "about:support" (without quotes) in the URL address bar and hit "Enter".
Under the "Application Basics" section, click on "Show in Finder" in the "Profile Folder" row.
Open the desired profile folder and paste it in the "extensions" folder.

Batch Scanning
--------------
After installation, add all the URLs you want to scan in the urls.txt present in "/Users/Shared/ra2/xss/urls.txt"

Tested on MacOS X Mountain Lion (10.8.1)
Firefox 15.0.1

If you read it carefully it pretty much spoon-feeds you, you just have to adapt it.

Honestly, I am not sure whether Firefox plugins are compatible across all OSes, that is, whether a single plugin works for all OSes, but you can try.

I don't have any Linux with a GUI at hand to test.

Edit:

// http://www.linuxquestions.org/questions/linux-software-2/firefox-plugin-directory-521490/

It seems it depends on the Linux distribution you have, and from what I've read you can put it on all OSes; the idea is to find the exact folder.

Edited by Eric
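The README above finds the profile folder by clicking through about:support, and the reply notes that the hard part on other systems is locating that exact folder. As an added example that is not part of Ra.2 or its README, the script below reads Firefox's profiles.ini (the file that lists every profile, with Path= relative to the profiles.ini directory unless IsRelative=0) and copies an add-on file into each profile's "extensions" folder. It assumes the stock profiles.ini locations for Linux and macOS; the sample profiles.ini it builds is constructed for the stand-alone run.

```shell
#!/bin/sh
# Added example (not Ra.2's own code): locate Firefox profile directories from
# profiles.ini and install an add-on file into each profile's extensions folder.

# Stock profiles.ini path for the current OS (assumption: default install paths).
default_profiles_ini() {
    case "$(uname -s)" in
        Darwin) printf '%s\n' "$HOME/Library/Application Support/Firefox/profiles.ini" ;;
        *)      printf '%s\n' "$HOME/.mozilla/firefox/profiles.ini" ;;
    esac
}

# Emit the profile dir of the section just parsed (uses base/rel/path set by caller).
emit_profile_dir() {
    [ -n "$path" ] || return 0
    if [ "$rel" = 0 ]; then printf '%s\n' "$path"; else printf '%s/%s\n' "$base" "$path"; fi
}

# Print one absolute profile directory per line for the given profiles.ini.
firefox_profile_dirs() {
    ini=$1; base=$(dirname "$ini"); rel=1; path=
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')         # tolerate CRLF files
        case "$line" in
            "["*"]")      emit_profile_dir; rel=1; path= ;;  # new section: flush previous
            IsRelative=*) rel=${line#IsRelative=} ;;
            Path=*)       path=${line#Path=} ;;
        esac
    done < "$ini"
    emit_profile_dir                                      # flush the last section
}

# Copy an add-on file (e.g. "ra2@domxssscanner.app") into every profile's
# extensions folder. $1 = add-on file, $2 = profiles.ini (defaults to the OS path).
install_addon_file() {
    ini=${2:-$(default_profiles_ini)}
    firefox_profile_dirs "$ini" | while IFS= read -r dir; do
        if mkdir -p "$dir/extensions"; then cp "$1" "$dir/extensions/"
        else printf 'skipping unwritable profile %s\n' "$dir" >&2; fi
    done
}

# Constructed sample profiles.ini (one relative and one absolute profile) for a demo run.
sample_profiles_ini() {
    tmp=$(mktemp -d) && printf '%s\n' \
        '[General]' 'StartWithLastProfile=1' '' \
        '[Profile0]' 'Name=default' 'IsRelative=1' 'Path=abcd1234.default' 'Default=1' '' \
        '[Profile1]' 'Name=work' 'IsRelative=0' "Path=$tmp/work-profile" \
        > "$tmp/profiles.ini" && printf '%s\n' "$tmp/profiles.ini"
}
```

Run it against a real profiles.ini with `install_addon_file ra2@domxssscanner.app` after `. ./script.sh`, or against the constructed sample with `install_addon_file <file> "$(sample_profiles_ini)"`.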
