Fi8sVrs (Active Members), posted November 9, 2012

Description

snuck is quite different from typical web security scanners: it basically tries to break a given XSS filter by specializing the injections in order to increase the success rate. The attack vectors are selected on the basis of the reflection context, that is, the exact point where the injection falls in the reflection web page's DOM. Having access to the pages' DOM is possible through Selenium Web Driver, which is an automation framework that allows replicating operations in web browsers. Since many steps could be involved before an XSS filter is "activated", an XML configuration file should be filled in, in order to make snuck aware of the steps it needs to perform with respect to the tested web application. Practically speaking, the approach is similar to the iSTAR's one, but it focuses on one particular XSS filter.

Tutorial: Tutorial - snuck - how to use snuck - Automatic XSS filter bypass - Google Project Hosting
Download: Downloads - snuck - Automatic XSS filter bypass - Google Project Hosting
Owner: gentile....@gmail.com Google Project Hosting
Source: snuck - Automatic XSS filter bypass - Google Project Hosting
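
The "reflection context" idea from the description above, as an added example that is not part of the original post or of snuck's code: it locates where a harmless marker is echoed in a page and names the output encoding a defender would apply in that context. It uses Python's standard `html.parser` instead of Selenium; `MARKER`, `ContextFinder`, `reflection_contexts` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

MARKER = "gr0marker"  # constructed, harmless probe value (assumption)
URL_ATTRS = {"href", "src", "action", "formaction"}
# Defender's view: the output encoding each reflection context calls for.
ENCODING = {
    "html_text": "HTML entity encoding",
    "attribute": "attribute encoding, value always quoted",
    "url_attribute": "URL scheme allow-list, then attribute encoding",
    "event_handler": "never reflect user input here",
    "script": "JavaScript string encoding or JSON serialization",
    "comment": "never reflect user input here",
}

class ContextFinder(HTMLParser):
    """Records the DOM context of every place MARKER is reflected."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script, self.found = False, []  # found: contexts in document order

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:
            if value and MARKER in value:
                kind = ("event_handler" if name.startswith("on") else
                        "url_attribute" if name in URL_ATTRS else "attribute")
                self.found.append(kind)

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"

    def handle_data(self, data):
        if MARKER in data:
            self.found.append("script" if self.in_script else "html_text")

    def handle_comment(self, data):
        if MARKER in data:
            self.found.append("comment")

def reflection_contexts(page):
    finder = ContextFinder()
    finder.feed(page)
    finder.close()  # flush any buffered trailing text
    return finder.found

# Constructed sample: a page that echoes the marker in five different contexts.
SAMPLE = ('<h1>Results for gr0marker</h1><input name="q" value="gr0marker">'
          '<a href="/search?q=gr0marker">again</a>'
          '<script>var q = "gr0marker";</script><!-- debug: gr0marker -->')
```

Looking up each returned context in `ENCODING` shows why a single generic filter is fragile: the same reflected value needs a different encoder in each of the five places.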