XSS detection tool: X5S / Fiddler

    x5s

    http://xss.codeplex.com/

    x5s is a Fiddler addon that assists with penetration testing for XSS script attacks. It has to be driven manually. It checks safe encoding, Unicode character transformations, and non-shortest UTF-8 encodings.

    x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. This is not a point and shoot tool, it requires some understanding of how encoding issues lead to XSS, and it requires manual driving. See the Quickstart Tutorial to jump right in but be ready to do a little work. Its main goal is to help you identify the hotspots where XSS might occur by:

      • Detecting where safe encodings were not applied to emitted user-inputs
      • Detecting where Unicode character transformations might bypass security filters
      • Detecting where non-shortest UTF-8 encodings might bypass security filters

    Download and install

    Download the file X5Setup.msi from the address below and install it. Then open Fiddler; the x5s tab appears on the left.

    http://xss.codeplex.com/releases/view/43170

    Configure and run

    http://xss.codeplex.com/documentation

    At step 8, use IE, Safari or Chrome to click the submission points you want to test. Fiddler/x5s captures the submitted HTTP requests and, following the configured test policy, tests each parameter in turn for the safety of its encoding.

    Then review the test results in the Results tab; use the hotspot filter to narrow them down to the ones that deserve attention.

    To get up and running quickly:

      1. Start Fiddler, and select the x5s tab.
      2. Check Enable to start capturing page metadata.
      3. Enter a Preamble, or use the default - this must be a unique string x5s can use to identify its payload in the response, for example "pqz" or "test321"
      4. Enable Domain Targeting to restrict testing to a particular domain, i.e., the site you'd like to test.
      5. Select each of the auto-injection options you want (e.g. select auto-inject into GET, POST, and Other)
      6. Leave the advanced filter disabled for now
      7. Enable the injection characters you'd like to test through the 'Test Case Configuration' tab.
      8. Browse the site you're testing. x5s will work its magic.
      9. Click the 'Results' tab to review any issues discovered by the tool.
      10. If you don't feel like trying to make sense of the results, just click the 'show hotspots' button and review any that show up.
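The three detection goals listed at the top of the page and the quickstart steps above describe the same loop: inject a unique preamble around a probe character, then inspect the response for how the probe came back. The following Python block is an added example (not x5s's own code) that models that classification offline: `classify_reflection` distinguishes a safely encoded reflection from a raw one and from a Unicode variant (here U+FF1C FULLWIDTH LESS-THAN SIGN) that the server normalised into a real `<`, and the overlong-UTF-8 helpers show why a filter that works on raw bytes, or on a non-conforming decoder, misses non-shortest forms that a strict decoder rejects. The preamble `pqz` is the quickstart's own; the sample responses, the `PROBES` table and all function names are constructed for this example.

```python
"""Offline model of the checks x5s performs (added example, not x5s's own code).
Sample responses and helper names are constructed for this example."""
import html
import re
import unicodedata

PREAMBLE = "pqz"  # unique marker, as in the quickstart, so the probe is easy to find

# Probe characters in the spirit of x5s's test cases:
#   '<'     must be entity-encoded to be safe inside HTML text
#   U+FF1C  FULLWIDTH LESS-THAN SIGN; if a server normalises it (NFKC / best-fit
#           mapping) it becomes a real '<' after any filter has already run
PROBES = {"lt": "<", "fullwidth_lt": "\uff1c"}

def payload(name):
    """The string x5s would inject: preamble + probe + preamble."""
    return PREAMBLE + PROBES[name] + PREAMBLE

def classify_reflection(body, name):
    """Classify how probe `name` was reflected in response `body`.
    absent       marker not found in the response
    encoded      probe came back as a safe HTML entity (OK)
    raw          ASCII metacharacter came back verbatim (hotspot)
    transformed  Unicode variant was normalised into the ASCII metacharacter
                 (hotspot: a filter that only looked at the variant is bypassed)
    unchanged    variant came back as-is (harmless in HTML text)"""
    probe = PROBES[name]
    target = unicodedata.normalize("NFKC", probe)  # what the variant may collapse to
    m = re.search(re.escape(PREAMBLE) + r"(.*?)" + re.escape(PREAMBLE), body, re.S)
    if not m:
        return "absent"
    between = m.group(1)
    if between == html.escape(target, quote=True):
        return "encoded"
    if between == target:
        return "transformed" if target != probe else "raw"
    if between == probe:
        return "unchanged"
    return "other"

# Constructed sample responses from a page that echoes a search parameter.
SAMPLE_RESPONSES = {
    "safe":       "<p>You searched for: pqz&lt;pqz</p>",
    "hotspot":    "<p>You searched for: pqz<pqz</p>",
    "normalised": "<p>You searched for: pqz<pqz</p>",  # U+FF1C was sent, '<' came back
    "missing":    "<p>No results.</p>",
}

def run_checks():
    """Run the classifier over the constructed responses."""
    return {
        "safe":       classify_reflection(SAMPLE_RESPONSES["safe"], "lt"),
        "hotspot":    classify_reflection(SAMPLE_RESPONSES["hotspot"], "lt"),
        "normalised": classify_reflection(SAMPLE_RESPONSES["normalised"], "fullwidth_lt"),
        "missing":    classify_reflection(SAMPLE_RESPONSES["missing"], "lt"),
    }

# --- non-shortest-form (overlong) UTF-8 --------------------------------------

def overlong_utf8(codepoint, nbytes):
    """Encode `codepoint` in `nbytes` (2..4) UTF-8 bytes even when fewer would do.
    Built only so the decoders below can be shown handling it."""
    lead_mark = {2: 0xC0, 3: 0xE0, 4: 0xF0}[nbytes]
    lead_mask = {2: 0x1F, 3: 0x0F, 4: 0x07}[nbytes]
    out = bytearray()
    for _ in range(nbytes - 1):
        out.insert(0, 0x80 | (codepoint & 0x3F))
        codepoint >>= 6
    out.insert(0, lead_mark | (codepoint & lead_mask))
    return bytes(out)

def lenient_decode(data):
    """Deliberately non-conforming decoder (models a legacy component): it never
    checks shortest form, so overlong sequences decode to plain ASCII."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            n, cp = 1, b
        elif b & 0xE0 == 0xC0:
            n, cp = 2, b & 0x1F
        elif b & 0xF0 == 0xE0:
            n, cp = 3, b & 0x0F
        else:  # treated as a 4-byte lead; only constructed input reaches here
            n, cp = 4, b & 0x07
        for c in data[i + 1:i + n]:
            cp = (cp << 6) | (c & 0x3F)
        out.append(chr(cp))
        i += n
    return "".join(out)

def strict_rejects(data):
    """True if a conforming decoder (Python's) refuses the bytes, as a filter must."""
    try:
        data.decode("utf-8")
        return False
    except UnicodeDecodeError:
        return True

def overlong_report(probe_char):
    """Per overlong length: does a byte-level filter for the ASCII form see it,
    what a lenient decoder turns it into, and does a strict decoder reject it."""
    ascii_form = probe_char.encode("utf-8")
    rows = []
    for n in (2, 3, 4):
        data = overlong_utf8(ord(probe_char), n)
        rows.append({"bytes": data.hex(),
                     "byte_filter_sees_it": ascii_form in data,
                     "lenient_decodes_to": lenient_decode(data),
                     "strict_rejects": strict_rejects(data)})
    return rows

if __name__ == "__main__":
    print(run_checks())
    print(overlong_report("<"))
```

The "transformed" verdict is the one x5s's Unicode test cases exist to surface: the variant was not itself dangerous, but the server's normalisation turned it into the metacharacter after validation, so the fix belongs before any filter (normalise first, then validate, then encode on output). The overlong rows show the mirror case for bytes: a byte-level filter for `<` never sees `c0 bc`, a lenient decoder yields `<` anyway, and the only reliable control is a decoder that rejects non-shortest forms outright, which Python's does.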
Original article: https://www.cnblogs.com/lightsong/p/4295603.html