sQuo Posted October 23, 2012 Share Posted October 23, 2012 This is the hidden content, please Sign In or Sign Up snuck is an automatic tool whose goal is to significantly test a given XSS filter by specializing the injections on the basis of the reflection context. This approach adopts Selenium to drive a web browser in reproducing both the attacker's behavior and the victim's. snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. The approach, it adopts, is based on the inspection of the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser, a real web browser is driven for reproducing the attacker's behavior and possibly the victim's. Download - This is the hidden content, please Sign In or Sign Up Executable jar and malicious payloads This release is the same as the "first release", it just includes the required files for licensing purposes - which were missing - and a brief README. This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts