Ra.2 - Blackbox DOM XSS Scanner

[Eric]

Ra.2 - Blackbox DOM-based XSS Scanner is a approach towards finding a solution to the problem of detecting DOM-based Cross-Site Scripting vulnerabilities in Web-Application automatically, effectively and fast.

Ra.2 is basically a lighweight Mozilla Firefox Add-on that uses a very simple yet effective and unique approach to detect most DOM-based XSS vulnerabilities, if not all.

Being a browser-add on it is a session-aware tool which can scan a web-application that requires authentication. Ra.2 uses custom collected list of XSS vectors which has been heavily modified to be compatible with its scanning technology. The add-on also implements basic browser intrumentation to simulate a human interaction to trigger some hard to detect DOM-based XSS conditions.

Features

False positive free by design: Vulnerable URLs are saved in DB, if and only if, our payload is executed successfully by the browser. Hence marked exploitable. If isn't false-positive, it's a bug! Report us 
Large collection of injection vectors, includes “modified” R’Snake’s vectors as well.
Supports transforming Unicode characters for testing content aware application.
Automatically handles JavaScript obfuscation/compression, as it relies on native interpreter.
Fast and light-weight.
Pretty easy learning curve. Point-n-Click.

DOWNLOAD: https://code.google.com/p/ra2-dom-xss-scanner/downloads/list

[against_modern_football]

a gasit careva cum se poate instala pe linux?

[Eric]

Din ceea ce scrie in readme a fost testat doar pe mac, pare a fi usor de instalat pe windows cat despre linux habar nu am daca merge, ar trebuii sa pui fisierele in folderul de la firefox .

README
______

Report bugs to nishant.dp@gmail.com or http://code.google.com/p/ra2-dom-xss-scanner/issues

Installation
------------
Copy the entire "ra2" folder to "/Users/Shared/"
Copy the file "ra2@domxssscanner.app"
Start FireFox. 
Type "about:support" (without quotes) in the URL address bar and hit "Enter".
Under the "Application Basics" section. Click on "Show in Finder", in the "Profile Folder" row.
Open the desired profile folder and paste it in the "extensions" folder.



Batch Scanning
--------------
After installation, add all the URLs you want to scan in the urls.txt present in "/Users/Shared/ra2/xss/urls.txt"


Tested on MacOS X Mountain Lion (10.8.1)
Firefox 15.0.1

Daca citesti cu atentie iti cam da mura in gura, doar ca trebuie sa adaptezi.

Sincer sa fiu nu sunt sigur daca firefox are compatibile pluginurile pe toate os-urile, adica sa fie un singur plugin pentru toate os-urile dar poti incerca.

Nu am absolut nici un linux cu interfata la indemana sa testez.

Edit:

// http://www.linuxquestions.org/questions/linux-software-2/firefox-plugin-directory-521490/

Se pare ca depinde de distributia de linux pe care o ai, iar din ceea ce am citit il poti pune pe toate os-urile, ideea e sa dibuiesti exact folderul.

Edited October 25, 2012 by Eric

[against_modern_football]

il incerc asa, poate ii dau de capat. mersi