Advertisements

 XSS Assistant script for Firefox helps finding XSS holes

Written by KF

Wednesday, 16 May 2007

Sid from whiteacid.org has coded an "XSS Assistant" script for the Greasemonkey firefox extension. From its homepage:

"The goal of this script is to allow users to easily test any web for cross-site-scripting flaws. The script aims to do this by providing an easy to use menu by any form. It should be noted that although I may refer only to forms for the rest of the description, the script does also allow the user to test the current variables in the url bar for cross site scripting flaws. While this script does help a user find an XSS flaw it cannot really be used without understanding what an XSS flaw is. If you do not yet understand XSS flaws, I suggest you read up on it."

This script can test for multiple vectors from RSnake's XSS Cheat Sheet and from another one by mario, it can also be used to notify the XSS directly to xssed.com. We suggest that you take a look at this script as it can be very useful to search for XSS holes.

XSS Assistant for Greasemonkey:
http://www.whiteacid.org/greasemonkey/#xss_assistant

Update 17/05/2007: a new version of the script has been released, it fixes an error when submitting XSS to xssed.com.


        
Advertisements
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.