Wednesday, March 25, 2009

XSS Rays - Open Source XSS Scanner

I’ve developed a new XSS scanner tool that’s written in Javascript called XSS Rays for Microsoft. They have given me permission to release the tool as open source which is awesome because it can be used for other open source applications. I recommend you use it as part of the web development process to make sure you’ve filtered XSS correctly on your application.

It works as a bookmarklet and scans any links, paths or forms on the target scanning page (even cross domain). You can add vectors to it quite easily and it includes some of the most common injections I’ve found on sites over the years. I’ve tested it on IE7/IE8 and Firefox but it could work in other browsers.

The advantage of the bookmarklet is that vectors can be customised for each browser and they are executed in the context of the browser, in IE8 standards mode were css expressions are disabled in IE8 the vector won’t be executed for example.

Hopefully there should be no false positives either because each vector is actually executed and it reported back as successful, in fact if there is a false positive it will be a bug in my code (lets hope not).

No comments:

Post a Comment