Automated XSS filter bypass tool: snuck
4559 views · 0 replies
snuck differs from most traditional security scanners: its purpose is mainly to bypass XSS filters. snuck is built on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer.

Usage:

```text
>java -jar snuck.jar
Usage: snuck [-start xmlconfigfile] -config xmlconfigfile -report htmlreportfile [-d # ms_delay] [-proxy IP:port] [-chrome chromedriver] [-ie iedriver] [-remotevectors URL] [-stop-first] [-reflected targetURL -p parameter_toTest] [-no-multi]

Options:
 -start          path to login use case (XML file)
 -config         path to injection use case (XML file)
 -report         report file name (html extension is required)
 -d              delay (ms) between each injection
 -proxy          proxy server (IP:port)
 -chrome         perform a test with Google Chrome, instead of Firefox. It needs the path to the chromedriver
 -ie             perform a test with Internet Explorer, instead of Firefox. Disable the built in XSS filter in advance
 -remotevectors  use an up-to-date online attack vectors source instead of the local one
 -stop-first     stop the test upon a successful vector is detected
 -no-multi       deactivate multithreading for the reverse engineering process - a sequential approach will be adopted
 -reflected      perform a reflected XSS test (without writing the XML config file)
 -p              HTTP GET parameter to inject (useful if -reflected is setted)
 -help           show this help menu
```

Built-in XSS attack test vectors:

1. html_payloads: it stores HTML tags whose purpose is to generate an alert dialog window.
2. js_alert_payloads: it stores many javascript approaches to trigger an alert dialog window, such as alert(1) or eval(alert(2)).
3. uri_payloads: it stores malicious URIs, such as javascript:alert(1).
4. expression_alert_payloads: it stores malicious expression payloads, such as expression(URL=0);

Test XML configuration walkthrough (a shopping-site test case)

Main configuration XML (the injection use case; ${RANDOM} is replaced with a fresh value on each run and ${INJECTION} with the vector under test):

```xml
<?xml version="1.0" encoding="UTF-8"?>
<root>
  <post>
    <commands>
      <command>
        <name>open</name>
        <target>http://wtfbay.com/modify.php?id=90</target>
        <value></value>
      </command>
      <command>
        <name>type</name>
        <target>name=name</target>
        <value>${RANDOM}</value>
      </command>
      <command>
        <name>type</name>
        <target>id=description</target>
        <value>${INJECTION}</value>
      </command>
      <command>
        <name>click</name>
        <target>name=submit</target>
        <value></value>
      </command>
      <command>
        <name>select</name>
        <target>id=cat</target>
        <value>Bike</value>
      </command>
      <command>
        <name>click</name>
        <target>name=submit</target>
        <value></value>
      </command>
    </commands>
  </post>
</root>
```

Login configuration (the login use case passed with -start):

```xml
<?xml version="1.0" encoding="UTF-8"?>
<root>
  <post>
    <commands>
      <command>
        <name>open</name>
        <target>http://wtfbay.com/login.php</target>
        <value></value>
      </command>
      <command>
        <name>type</name>
        <target>name=user</target>
        <value>admin</value>
      </command>
      <command>
        <name>type</name>
        <target>name=pwd</target>
        <value>admin</value>
      </command>
      <command>
        <name>click</name>
        <target>name=submit</target>
        <value></value>
      </command>
    </commands>
  </post>
</root>
```

Run the test
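The use-case files above are plain XML: a list of command elements, each with a name, a target locator and a value, plus the two placeholders. The Python parser and validator below is an added example (not snuck's own code) that checks such a file before a run; the command set and the name=/id= locator syntax are assumed from the page's examples, and the sample config and host are constructed.

```python
import re
import secrets
import xml.etree.ElementTree as ET

# Constructed sample in snuck's injection use-case layout; the host is a placeholder.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<root><post><commands>
  <command><name>open</name><target>http://target.example/modify.php?id=90</target><value></value></command>
  <command><name>type</name><target>name=name</target><value>${RANDOM}</value></command>
  <command><name>type</name><target>id=description</target><value>${INJECTION}</value></command>
  <command><name>click</name><target>name=submit</target><value></value></command>
</commands></post></root>"""

KNOWN_COMMANDS = {"open", "type", "click", "select"}  # command names seen in the page's configs
LOCATOR_RE = re.compile(r"^(name|id)=.+$")           # assumed: targets are name=... or id=... locators


def parse_config(xml_text):
    """Return (name, target, value) triples in document order."""
    root = ET.fromstring(xml_text)
    steps = []
    for cmd in root.findall("./post/commands/command"):
        name = (cmd.findtext("name") or "").strip()
        target = (cmd.findtext("target") or "").strip()
        steps.append((name, target, cmd.findtext("value") or ""))
    return steps


def validate_config(steps):
    """Flag problems worth catching before a run: bad ordering, unknown commands, missing placeholder."""
    problems = []
    if not steps or steps[0][0] != "open":
        problems.append("first command must be 'open' with the page URL")
    for i, (name, target, _) in enumerate(steps):
        if name not in KNOWN_COMMANDS:
            problems.append(f"step {i}: unknown command '{name}'")
        elif name == "open" and not target.startswith(("http://", "https://")):
            problems.append(f"step {i}: 'open' target is not an absolute URL")
        elif name != "open" and not LOCATOR_RE.match(target):
            problems.append(f"step {i}: target '{target}' is not a name=/id= locator")
    found = sum(v.count("${INJECTION}") for _, _, v in steps)
    if found != 1:
        problems.append(f"expected exactly one ${{INJECTION}} placeholder, found {found}")
    return problems


def expand_placeholders(steps, injection, random_token=None):
    """Fill ${RANDOM} (fresh token per run) and ${INJECTION} (the vector under test) in every value."""
    token = random_token or secrets.token_hex(4)
    return [(n, t, v.replace("${RANDOM}", token).replace("${INJECTION}", injection)) for n, t, v in steps]
```

Running validate_config on a use case before handing it to the tool catches a missing or duplicated ${INJECTION} placeholder, which otherwise shows up only as a run that reports nothing.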