Andres,

Take a look at grep.domXss , maybe we can improve it based on
webscarab's code? Maybe we can work together with Martin in order to
have a greater dom xss detection in both tools?

Hmmm, interesting idea. I'll look.

But what I want is processing the whole page with all scripts on it and finding
a real vulnerability. Yes, it is browser behaviour =) Because, as you already
mentioned, false positives for such a vulnerability are possible.
So we need either a JavaScript engine like Google Chrome V8 or some mechanism
to use a real web browser like Selenium.

I think that the best way is to integrate w3af directly with a
javascript engine or firefox. Integrating with a js engine might be a
little harder, but faster and more flexible. Integrating with firefox
could be done through something like
http://hyperstruct.net/projects/mozrepl .


I've tested both options and found that w3af wasn't stable enough to
add more complexities to it. This was a year ago, so maybe now it's
time to start thinking about making it more complicated ;)

I have written a PoC audit plugin for W3AF which uses Selenium to find DomXSS. It works =)

I'll also look at mozrepl and V8.



--
Taras
--
"Software is like sex: it's better when it's free.", - Linus Torvalds.
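An added illustration of the false-positive problem discussed in this thread (my own example, not code from w3af, WebScarab or either poster): a grep.domXss-style static check that only matches DOM source and sink names in page text, run over three constructed pages. The source/sink tables are simplified assumptions, not the plugin's real ones. The check flags the benign page exactly like the vulnerable one because it cannot see whether the fragment ever reaches the sink, which is the gap a real JavaScript engine or a Selenium-driven browser closes.

```python
import re

# Simplified source/sink tables in the spirit of a grep-style check (my own
# constructed lists, not the tables from w3af's grep.domXss plugin).
DOM_SOURCES = {
    "location.hash": r"location\.hash",
    "location.search": r"location\.search",
    "document.URL": r"document\.URL",
    "document.referrer": r"document\.referrer",
}
DOM_SINKS = {
    "innerHTML": r"\.innerHTML\s*=",
    "document.write": r"document\.write\s*\(",
    "eval": r"\beval\s*\(",
}
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)

def grep_dom_xss(html):
    """Return every (source, sink) pair that co-occurs in one inline script.
    Pure text matching: it cannot see whether the source value actually
    reaches the sink, so it flags PAGE_BENIGN below exactly like PAGE_TAINTED.
    """
    findings = []
    for script in SCRIPT_RE.findall(html):
        sources = [n for n, p in DOM_SOURCES.items() if re.search(p, script)]
        sinks = [n for n, p in DOM_SINKS.items() if re.search(p, script)]
        findings.extend((s, k) for s in sources for k in sinks)
    return findings

# Constructed sample pages (not from the thread).
# 1) Real DOM XSS: the URL fragment is written straight into the document.
PAGE_TAINTED = """<div id="out"></div><script>
var h = location.hash.substring(1);
document.getElementById('out').innerHTML = h;
</script>"""
# 2) Grep false positive: source and sink present, but never connected.
PAGE_BENIGN = """<div id="out"></div><script>
var h = location.hash; console.log('fragment seen: ' + h);
document.getElementById('out').innerHTML = "<b>static text</b>";
</script>"""
# 3) No DOM source at all, so nothing is reported.
PAGE_CLEAN = """<div id="out"></div><script>
document.getElementById('out').innerHTML = "<i>hello</i>";
</script>"""

if __name__ == "__main__":
    for name in ("PAGE_TAINTED", "PAGE_BENIGN", "PAGE_CLEAN"):
        print(name, grep_dom_xss(globals()[name]))
```

The identical result for the first two pages is the point: only executing the script in a browser (or a JS engine) can confirm that the fragment reaches the sink.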


_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
