Taras,

On Mon, Feb 1, 2010 at 6:02 PM, Taras <naplan...@gmail.com> wrote:
> Hi, Martin!
>
> Thanks for answer!
>
>> I don't know of selenium, but testing for dom-based xss can be done
>> passively by checking for use (assignments) using any of the following:
>> window.location, window.top.location document.URL document.location
>> document.URLUnencoded
>
> Yes, I also thought about simply grepping response for such patterns.

Take a look at grep.domXss, maybe we can improve it based on
webscarab's code? Maybe we can work together with Martin in order to
have a greater dom xss detection in both tools?

> But what I want is processing whole page with all scripts on it and find
> real vulnerability. Yes, it is browser behaviour =) Because as you already
> mentioned false positives for such vulnerability are possible.
> So we need either JavaScript engine like Google Chrome V8 or some mechanism
> to use real web browser like Selenium.

I think that the best way is to integrate w3af directly with a
javascript engine or firefox. Integrating with a js engine might be a
little harder, but faster and more flexible. Integrating with firefox
could be done through something like
http://hyperstruct.net/projects/mozrepl . I've tested both options and
found that w3af wasn't stable enough to add more complexities to it.
This was a year ago, so maybe now it's time to start thinking about
making it more complicated ;)

>> The source for that functionality in Webscarab can be viewed at
>>
>> http://martin.swende.se/gitweb.cgi?p=webscarab;a=blob;f=src/org/owasp/webscarab/plugin/fragments/Fragments.java;hb=HEAD
>
> How can I import this code into webscarab?
>
> --
> Taras
> --
> "Software is like sex: it's better when it's free.", - Linus Torvalds.
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
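
The passive check discussed in this thread, sketched as an added example; it is not code from w3af's grep.domXss or from WebScarab's Fragments plugin. It scans the inline scripts and event handlers of a response body for the DOM sources listed above; the names ScriptExtractor, find_dom_sources and SAMPLE are hypothetical and the sample page is constructed.

```python
import re
from html.parser import HTMLParser

# DOM sources named in the thread; longer names first so the match is exact.
SOURCES = re.compile(
    r"\b(window\.top\.location|window\.location|document\.URLUnencoded"
    r"|document\.URL|document\.location)\b")

class ScriptExtractor(HTMLParser):
    """Collect inline <script> bodies and on* event-handler attributes."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.chunks = []  # (line number where the chunk starts, JavaScript text)
    def handle_starttag(self, tag, attrs):
        self.in_script = (tag == "script")
        for name, value in attrs:
            if name.startswith("on") and value:
                self.chunks.append((self.getpos()[0], value))
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.chunks.append((self.getpos()[0], data))

def find_dom_sources(html):
    """Return sorted (line, source, statement) tuples, one per source use."""
    parser = ScriptExtractor()
    parser.feed(html)
    findings = []
    for start, js in parser.chunks:
        for offset, stmt in enumerate(js.split("\n")):
            for match in SOURCES.finditer(stmt):
                findings.append((start + offset, match.group(1), stmt.strip()))
    return sorted(findings)

# Constructed sample response body, not taken from a real site.
SAMPLE = """<body onload="track(document.URL)">
<script>
var name = document.location.hash.substring(1);
document.write("Hello " + name);
if (window.location.protocol != "https:") { useHttps = false; }
</script>
<p>document.URL in page text is not script</p></body>"""

if __name__ == "__main__":
    for finding in find_dom_sources(SAMPLE):
        print(finding)
```

On the sample, lines 3 and 5 are both reported even though only the value read on line 3 reaches document.write; the protocol comparison on line 5 is the kind of false positive that pattern matching cannot rule out without executing the page.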