SecFox – XSSMe, Automated XSS Detection in Firefox

Posted by rajivvishwa On September - 3 - 2009
This entry is part 2 of 5 in the series Secfox

In this part of the SecFox series, detection of XSS vulnerabilities with Firefox is explained. Here we talk about the XSSMe addon, which can be used to automate the tests for XSS, thereby saving our precious time.

XSSMe Running

“The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack. If the resulting HTML page sets a specific JavaScript value (document.vulnerable=true) then the tool marks the page as vulnerable to the given XSS string. The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system” – Security Compass

XSSMe Sidebar

The XSSMe addon is a sidebar tool where we can see all the details of the forms in the current page and select the fields we want to test for XSS. To make things simpler, there are 2 buttons which test all the fields with the Top or All XSS tests.


Once we click on the test button, we get a dialog box which displays the progress of the running tests. It takes a few minutes to complete the tests, depending on the Internet connection speed. We can easily tweak the options if we need this to run more quickly; this is explained in the latter part of the post.

Working

XSSMe detects XSS vulnerabilities by automatically submitting the forms with their field values tampered with XSS scripts, and then analysing the response to check whether the output was encoded or not. Each page is loaded in a new tab, the values are submitted, and the tab is closed automatically before testing the next script.

XSSMe in Action


XSSMe Options

There are a few options available in this addon which can help us tweak the results we are looking for. We can change the character set which XSSMe uses by default, to speed up the process. We can add/remove custom XSS vectors (XSS scripts). The whole list can be exported so that it can be reused later.


Final Report

Once the assessment is complete, a final report is displayed which gives us the information on which fields are vulnerable and which XSS scripts got executed. At a quick glance we can check the characters which came out unencoded from the ‘XSS Heuristic Test Results’ section. From the screenshot below, we can see that all the special characters used for constructing malicious scripts were found to be unencoded when passed through field1. This implies that field1 is vulnerable to XSS attacks.

Test Results
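As an added example (not part of the original post, and not the addon's own code), the heuristic described in the Working section and summarised in the ‘XSS Heuristic Test Results’ can be reproduced offline: a probe made of a marker plus the special characters is echoed by three constructed server stand-ins, and the response is inspected to see which characters came back unencoded, encoded or stripped. The marker, character set and server functions are all constructed for this example.

```python
import html
import re

# Constructed probe (example code, not the addon's own vector list): an
# alphanumeric marker survives any encoding, so it brackets the characters
# an XSS vector depends on and lets us locate the reflected segment.
MARKER = "xssme7"
SPECIALS = '<>"\'&/()='
ENTITY = re.compile(r"&(?:#\d+|#x[0-9a-fA-F]+|[A-Za-z]+);")

def build_probe(marker=MARKER, specials=SPECIALS):
    return f"{marker}{specials}{marker}"

def heuristic_check(response_html, marker=MARKER, specials=SPECIALS):
    """Classify how each probe character came back in the response.

    Returns None if the probe was not reflected at all, otherwise a dict
    mapping each special character to 'unencoded', 'encoded' or 'stripped'.
    """
    m = re.search(re.escape(marker) + r"(.*?)" + re.escape(marker),
                  response_html, re.S)
    if m is None:
        return None
    reflected = m.group(1)
    literal = ENTITY.sub("", reflected)   # entities removed: what is still raw
    decoded = html.unescape(reflected)    # what the browser would actually see
    result = {}
    for ch in specials:
        if ch in literal:
            result[ch] = "unencoded"      # reached the page untouched: dangerous
        elif ch in decoded:
            result[ch] = "encoded"        # server entity-encoded it
        else:
            result[ch] = "stripped"       # server removed it (filtering, not encoding)
    return result

def unencoded_chars(result):
    """Characters that came out raw, as the report's heuristic section lists them."""
    return "".join(ch for ch, state in result.items() if state == "unencoded")

# Constructed stand-ins for three server behaviours, so this runs offline.
def echo_raw(value):
    return f"<p>You searched for: {value}</p>"

def echo_encoded(value):
    return f"<p>You searched for: {html.escape(value, quote=True)}</p>"

def echo_filtered(value):
    return f"<p>You searched for: {value.replace('<', '').replace('>', '')}</p>"
```

Running `unencoded_chars(heuristic_check(echo_raw(build_probe())))` reports every probe character as unencoded, while the encoded server leaves only `/()=` raw: even a correctly HTML-escaped field keeps characters that matter in other output contexts (for instance inside a JavaScript string), which is why the report has to be read per field and per context.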

Download XSSMe: Download

(To be continued…)
