Taras wrote:
> Hello, all!
>
> First of all, have you ever met a webapp which generates its content
> with JavaScript (Process document.location and so on)?
> Something like http://dumpz.org/16356/
> You can open such HTML with param foo=<script>alert(/XSS/)</script>
>

DOM-based XSS, pretty common but not often detected. I wrote some functionality for Webscarab to detect them - but all it really does is detect *possible* DOM XSS vulnerabilities, so there can be a few false positives.

I don't know of selenium, but testing for DOM-based XSS can be done passively by checking for use (assignments) of any of the following:

  window.location, window.top.location
  document.URL
  document.location
  document.URLUnencoded

The source for that functionality in Webscarab can be viewed at
http://martin.swende.se/gitweb.cgi?p=webscarab;a=blob;f=src/org/owasp/webscarab/plugin/fragments/Fragments.java;hb=HEAD

It checks assignments or direct usage of 'dangerous' things, and weeds out some false positives afterwards. IMHO, it works pretty well. It often finds me some DOM-based XSS, but it does need manual verification.

If you want to completely get rid of manual verification, then I think something like Selenium is needed. (Although the passive approach could be a good start to get an idea of where to fuzz.)

/Martin Holst Swende

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
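
A minimal Python sketch of the passive check described in the message above, added here as an illustration; it is not Webscarab's Fragments.java and not w3af code. The function name, the constant-redirect filter and the sample page are assumptions constructed for the example.

```python
import re

# Sources listed in the message; the \b anchors keep document.URL from
# matching inside document.URLUnencoded.
SOURCES = ["window.top.location", "window.location", "document.URLUnencoded",
           "document.location", "document.URL"]
SOURCE_RE = re.compile(r"\b(" + "|".join(map(re.escape, SOURCES)) + r")\b")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.S | re.I)
COMMENT_RE = re.compile(r"/\*.*?\*/|(?<!:)//[^\n]*", re.S)
# Assumed false-positive rule: a string literal written *to* a location
# object is a constant redirect, so no attacker-controlled value is read.
LITERAL_WRITE_RE = re.compile(
    r"""(\.href)?\s*=(?!=)\s*(["'])[^"']*\2\s*;?\s*$""")

# Constructed sample page, not taken from any real application.
SAMPLE_PAGE = """<html><body><script>
// document.URL is only mentioned in this comment
var q = document.location.search.substring(5);
document.write("<b>Hello " + unescape(q));
window.location = "/start";
</script><p>Static text about document.URL outside any script.</p>
<script>document.getElementById("u").innerHTML = document.URL;</script>
</body></html>"""


def find_dom_xss_candidates(html):
    """Return (source, statement) pairs that still need manual verification."""
    findings = []
    for script in SCRIPT_RE.findall(html):
        # Drop JS comments, then treat each line as one statement (heuristic).
        for stmt in COMMENT_RE.sub("", script).split("\n"):
            for m in SOURCE_RE.finditer(stmt):
                if LITERAL_WRITE_RE.match(stmt[m.end():]):
                    continue  # constant redirect: the source is not read
                findings.append((m.group(1), stmt.strip()))
    return findings


if __name__ == "__main__":
    for source, stmt in find_dom_xss_candidates(SAMPLE_PAGE):
        print(f"possible DOM XSS via {source}: {stmt}")
```

Every hit is only a candidate: the check does not follow `q` into `document.write`, so confirming exploitability is the manual (or browser-driven) step the message mentions.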