Andres,
I have written a PoC audit plugin for W3AF which uses Selenium to find DomXSS. It works =)

I want to read that code and test it! =) Where is the download link? ;)

1. You must install Selenium RC:
   - download http://release.seleniumhq.org/selenium-remote-control/1.0.1/selenium-remote-control-1.0.1-dist.zip
   - put selenium.py in some place and add this place to sys.path
   - run Selenium server: java -jar selenium-server.jar
2. Download the PoC code and put it in w3AF's audit plugins dir: http://dumpz.org/16826/
3. Test script:
     plugins
     audit domxss
     back
     target
     set target http://localhost/domxss.html?aaa=111
     back
     start
     exit
4. domxss.html source: http://dumpz.org/16356/

Some known problems:
- on every audit() call a new browser session starts
- some problems with shutting down Firefox when more than one target is being tested, after the audit plugin's work ends.

--
Taras
--
"Software is like sex: it's better when it's free.", - Linus Torvalds.
_______________________________________________ W3af-develop mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-develop
