Hi, Martin! Thanks for the answer!
I don't know of Selenium, but testing for DOM-based XSS can be done passively by checking for use (assignments) using any of the following: window.location, window.top.location, document.URL, document.location, document.URLUnencoded
Yes, I also thought about simply grepping the response for such patterns. But what I want is processing the whole page with all scripts on it and finding a real vulnerability. Yes, it is browser behaviour =) Because, as you already mentioned, false positives for such a vulnerability are possible. So we need either a JavaScript engine like Google Chrome V8 or some mechanism to use a real web browser, like Selenium.
The source for that functionality in Webscarab can be viewed at http://martin.swende.se/gitweb.cgi?p=webscarab;a=blob;f=src/org/owasp/webscarab/plugin/fragments/Fragments.java;hb=HEAD
How can I import this code into webscarab?

--
Taras
--
"Software is like sex: it's better when it's free.", - Linus Torvalds.
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
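The passive check discussed in this message, as an added example that is not code from the thread, w3af or WebScarab: it looks for the listed DOM sources only inside `<script>` bodies and `on*` handler attributes of a response. The names `ScriptCollector`, `find_dom_sources` and `SAMPLE` are hypothetical, and every hit is a candidate that still needs a JavaScript engine or a real browser to confirm.

```python
import re
from html.parser import HTMLParser

# DOM sources listed in the thread; longest first so URLUnencoded is not cut to URL.
DOM_SOURCES = ["document.URLUnencoded", "window.top.location",
               "document.location", "window.location", "document.URL"]
SOURCE_RE = re.compile(r"(?<![\w$])(" + "|".join(map(re.escape, DOM_SOURCES)) + r")\b")

class ScriptCollector(HTMLParser):
    """Collects (first_line, javascript) for <script> bodies and on* handlers."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.chunks = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        for name, value in attrs:  # onclick=, onload=, ... also carry script
            if name.startswith("on") and value:
                self.chunks.append((self.getpos()[0], value))
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.chunks.append((self.getpos()[0], data))

def find_dom_sources(html):
    """Return sorted (line, source, code) tuples: candidates, not confirmed XSS."""
    collector = ScriptCollector()
    collector.feed(html)
    hits = []
    for first_line, js in collector.chunks:
        for offset, code in enumerate(js.split("\n")):
            for m in SOURCE_RE.finditer(code):
                hits.append((first_line + offset, m.group(1), code.strip()))
    return sorted(hits)

# Constructed sample response body (not taken from a real site).
SAMPLE = """<html><body onload="init(document.URL)">
<p>Docs mention window.location but this is plain text.</p>
<script>
var page = document.location.hash.substring(1);
var raw = document.URLUnencoded;
</script>
</body></html>"""

if __name__ == "__main__":
    print(*find_dom_sources(SAMPLE), sep="\n")
```

The plain-text mention of window.location on line 2 of the sample is not reported, which removes one class of false positive that a raw grep over the response would produce.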