Home
Latest images
Search
Register
Log inx5s - Automated XSS testing assistant
Page 1 of 1
x5s - Automated XSS testing assistant
andry Wed Nov 10, 2010 2:53 am
x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. By auto-injecting special character-probes x5s can detect where an emitted character may be ill-encoded or transformed and vulnerable to XSS attacks. The methodology used by x5s is to inject small probes which do not constitute a working XSS payload. In other words, x5s will not inject XSS payloads anywhere, it merely aims to identify character encoding and transformation issues that lead to XSS.
The x5s tool will automate testing all of the GET and POST input parameters on the target application, then present the findings in a grid-display for quick visual analysis. The tool goes further by auto-injecting special characters (e.g. higher Unicode, overlong UTF-
to detect transformations that could lead to XSS. x5s has an extensible design allowing for custom request parsers to be quickly implemented. For example, if the target application uses some custom XHR request format that resembles a hybrid between JSON and RPC, you could implement a parser so all of those inputs would be properly tested.
Download and more info: http://xss.codeplex.com
The x5s tool will automate testing all of the GET and POST input parameters on the target application, then present the findings in a grid-display for quick visual analysis. The tool goes further by auto-injecting special characters (e.g. higher Unicode, overlong UTF-
to detect transformations that could lead to XSS. x5s has an extensible design allowing for custom request parsers to be quickly implemented. For example, if the target application uses some custom XHR request format that resembles a hybrid between JSON and RPC, you could implement a parser so all of those inputs would be properly tested. Download and more info: http://xss.codeplex.com
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics» x5s - Automated XSS testing assistant Updated to v1.0.1 beta
» WeakNet Linux Assistant 3 Lite Released
» Firefox Portable for Penetration Testing
» Automated SEO poisoning attacks explained
» Are You Using This Automated Source Of Massive Website Traffic?
» WeakNet Linux Assistant 3 Lite Released
» Firefox Portable for Penetration Testing
» Automated SEO poisoning attacks explained
» Are You Using This Automated Source Of Massive Website Traffic?
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|