This is a simple single-file python program that can find basic XSS (cross-site scripting) vulnerabilities in a target url. Most XSS discovery tools use a payload refelection strategy in which payloads are injected in url parameters and the GET response is inspected for places where the payload content is reflected. This is a very low precision XSS detection strategy because most reflection does not support execution.
This program uses a different approach, and instead opens the target url in a browser, tests alert(...) payloads directly in the browser context, and listens for an alert being triggered. This means that any XSS spotted by this program is extremely unlikely to be a false positive.
Comments URL: https://news.ycombinator.com/item?id=41251312
Points: 11
# Comments: 0
Accedi per aggiungere un commento
Altri post in questo gruppo
We’ve built Synergetica, an open-source desktop app for end-to-end genetic circuit design. It supports node-based or code-based editing, interactive simulations, and automated DNA sequence generat
Article URL: https://insideclimatenews.org/news/10022025/solar-battery-storage-texas-grid/
Commen
Article URL: https://www.eff.org/
Comments URL: https://news.ycombinator.com/item?id=43060655
Article URL: https://nabraj.com/blog/basketball-solved-sport/
I’ve been messing around with Bluesky for a while, and one thing I really missed was a proper way to browse discussions in a structured, Reddit-like way specially myself being daily reddit user. S
