snuck与众多传统安全扫描器不同,他的作用主要用于突破XSS过滤器。snuck基于Selenium,支持Mozilla Firefox, googleChrome和internet Explorer浏览器。 使用方法: >java -jar snuck.jar Usage: snuck [-start xmlconfigfile ] -configxmlconfigfile -report htmlreportfile [-d # ms_delay] [-proxy IP:port][-chrome chromedriver ] [-ie iedriver] [-remotevectors URL][-stop-first] [-reflected targetURL -p parameter_toTest] [-no-multi] Options : -start path to login use case (XML file) -config pathto injection use case (XML file) -report report file name (htmlextension is required) -d delay (ms) between eachinjection -proxy proxy server (IP: port) -chrome perform a test with Google Chrome, instead of Firefox. It needs the path to thechromedriver -ie perform a test with Internet Explorer, insteadof Firefox. Disable the built in XSS filter in advance -remotevectors use an up-to-date online attack vectors source instead of thelocal one -stop-first stop the test upon a successful vector isdetected -no-multi deactivate multithreading for the reverseengineering process - a sequential approach will be adopted -reflected perform a reflected XSS test (without writing the XML config file) -p HTTP GET parameter to inject (useful if -reflected issetted) -help show this help menu 内置XSS攻击测试向量
1.html_payloads:it stores HTML tags whose purpose is to generate an alertdialog window. 2.js_alert payloads:it stores many javascript approaches totrigger an alert dialog window, such as alert(1) oreval(alert(2)). 3.uri_payloads:it stores malicious URIs, such asjavascript:alert(1). 4.expression_alert_payloads:it stores maliciousexpression payloads, such as expression(URL=0); 测试XML配置过程(一个购物网站测试实例)
