There are tonnes of web application security scanners on the market – some open source, some freeware and some professional payware. We try to find something unique in each one! XSS Rays is one such library, written in JavaScript.
The author, Gareth Heyes, programmed XSS Rays for Microsoft and, with their permission, was able to release the source code. It works as a ‘bookmarklet’, i.e., you have to drag your bookmarks from Firefox or IE to work with the tool. It can scan any link, path or form on the target scanning page. It can even work cross-domain. Gareth has tried to reduce false positives by actually executing each attack vector, and a vector is reported back if successful.
The bookmarklet works by creating connections to the target links/paths using iframes. Each iframe is assigned a name, which is the URL to return to on successful execution, in other words, the originating URL. This allows cross-domain links to be checked effectively. Attack vectors are stored in a simple object, and each vector has the following properties: input, name, browser, form, url, path. These vectors can be enabled simply by using switches such as True or False.
A few configuration properties are supported:
1. externalLog – Sends all executions to an external logger, by default “http://127.0.0.1/XSS_Rays/logging/xss_logger.php”. The vector is encoded and sent in a GET variable named xss, with each field tab separated, and the logger can easily be customised to log in another language.
2. excludeURLS – Allows you to exclude certain URLs from the scan. The variable is a regular expression, so remember to double escape special characters.
3. sameorigin – When enabled, it should stay on the same site and not scan external links. This has not been fully tested yet.
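The two configuration details above that are easiest to get wrong are the double escape in excludeURLS and the handling of the tab-separated xss variable on the logging side. The following is an added example, not code from XSS Rays or its author: it assumes the exclude pattern is a string compiled with `new RegExp()` and that the xss variable is percent-encoded. The function names and sample values are hypothetical.

```javascript
// Added example, not XSS Rays source. Assumptions: excludeURLS is a string
// compiled with new RegExp(), and the "xss" GET variable is percent-encoded.

// 1. excludeURLS: why special characters need a double escape in a string.
function isExcluded(patternSource, url) {
  return new RegExp(patternSource).test(url);
}
// In a JavaScript string literal "\." collapses to ".", which matches ANY
// character, so the scan silently skips more URLs than intended.
const singleEscaped = "logout\.php";   // compiled as /logout.php/
const doubleEscaped = "logout\\.php";  // compiled as /logout\.php/

// 2. externalLog: a receiver written in another language has to decode the
// "xss" variable and split the tab-separated fields. The field order is not
// given on this page, so fields are returned as a plain array.
const MAX_FIELDS = 16;      // constructed limits for this example
const MAX_FIELD_LEN = 2048;

function parseLogRequest(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get("xss"); // percent-decodes
  if (raw === null) return null;                           // not a log request
  return raw
    .split("\t")
    .slice(0, MAX_FIELDS)
    // Logged vectors are untrusted input: neutralise control characters so a
    // field cannot forge extra lines in the log file, and cap its length.
    .map((f) => f.replace(/[\x00-\x1f\x7f]/g, " ").slice(0, MAX_FIELD_LEN));
}

// Constructed sample request using the default logger URL from the text.
const sampleRequest =
  "http://127.0.0.1/XSS_Rays/logging/xss_logger.php?xss=" +
  encodeURIComponent("field-one\tfield-two\tline1\nline2");

console.log(isExcluded(singleEscaped, "http://example.test/logoutXphp"));
console.log(isExcluded(doubleEscaped, "http://example.test/logoutXphp"));
console.log(parseLogRequest(sampleRequest));
```

Whatever stores or displays these fields later should also HTML-encode them on output, since the logged values are the vectors themselves.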
The latest version is 0.5.5 which can be downloaded here.