Home       Trees       Indices       Help   
w3af homepage
Package plugins :: Package audit :: Module xss :: Class xss
[hide private]
[frames] | no frames]

Class xss



This plugin tests for cross site scripting vulnerabilities.

Author: Andres Riancho ( andres.riancho@gmail.com )

Instance Methods [hide private]
  __init__(self)
  _fuzzRequests(self, freq)
Tests an URL for XSS vulnerabilities.
  _getXssStrings(self)
Does a select to the DB for a list of XSS strings that will be tested agains the site.
  _isEchoed(self, mutant)
Verify if the parameter we are fuzzing is really being echoed back in the HTML response or not.
  _analyzeResult(self, mutant, response)
This method analyzes the result of _sendMutant().
  _checkFilters(self, mutant, response)
Check how special chars are filtered or escaped.
  _checkHTML(self, xssString, htmlString)
This function checks if the javascript XSS is going to work or not.
  _addToPermanentXssChecking(self, mutant)
This is used to check for permanent xss.
  end(self)
This method is called to check for permanent Xss.
  getOptionsXML(self)
This method returns a XML containing the Options that the plugin has.
  setOptions(self, optionsMap)
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptionsXML().
  getPluginDeps(self)
  getLongDesc(self)

Inherited from core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin: audit, getType

Inherited from core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin (private): _hasNoBug

Inherited from core.controllers.basePlugin.basePlugin.basePlugin: __eq__, getDesc, getName, printUniq, setUrlOpener

Inherited from core.controllers.basePlugin.basePlugin.basePlugin (private): _sendMutant


Method Details [hide private]

__init__(self)
(Constructor)

 
None
Overrides: core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin.__init__

_fuzzRequests(self, freq)

 
Tests an URL for XSS vulnerabilities.
Parameters:
  • freq - A fuzzableRequest
Overrides: core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin._fuzzRequests

_getXssStrings(self)

 
Does a select to the DB for a list of XSS strings that will be tested agains the site.
Returns:
A list with all XSS strings to test. Example: [ '<>RANDOMIZE','alert(RANDOMIZE)']

_isEchoed(self, mutant)

 
Verify if the parameter we are fuzzing is really being echoed back in the HTML response or not. If it aint echoed there is no chance we are going to find a XSS here.
Parameters:
  • mutant - The request to send.
Returns:
True if variable is echoed

_analyzeResult(self, mutant, response)

 

This method analyzes the result of _sendMutant().

This method MUST be implemented on every plugin.
Overrides: core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin._analyzeResult
(inherited documentation)

_checkFilters(self, mutant, response)

 
Check how special chars are filtered or escaped.

_checkHTML(self, xssString, htmlString)

 

This function checks if the javascript XSS is going to work or not. Examples: Request: http://a.com/f.php?a=javascript:alert('XSS'); HTML Response: <IMG SRC="javascript:alert('XSS');"> _checkHTML returns True

Request: http://a.com/f.php?a=javascript:alert('XSS'); HTML Response: I love javascript:alert('XSS'); _checkHTML returns False

_addToPermanentXssChecking(self, mutant)

 
This is used to check for permanent xss.
Returns:
No value is returned.

end(self)

 
This method is called to check for permanent Xss. Many times a xss aint on the page we get after the GET/POST of the xss string. This method searches for the xss string on all the pages that are available.
Returns:
None, vulns are saved to the kb.
Overrides: core.controllers.basePlugin.baseAuditPlugin.baseAuditPlugin.end

getOptionsXML(self)

 
This method returns a XML containing the Options that the plugin has. Using this XML the framework will build a window, a menu, or some other input method to retrieve the info from the user. The XML has to validate against the xml schema file located at : w3af/core/ui/userInterface.dtd
Returns:
XML with the plugin options.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getOptionsXML

setOptions(self, optionsMap)

 
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptionsXML().
Parameters:
  • OptionList - A dictionary with the options for the plugin.
Returns:
No value is returned.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.setOptions

getPluginDeps(self)

 
Returns:
A list with the names of the plugins that should be runned before the current one.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getPluginDeps

getLongDesc(self)

 
Returns:
A DETAILED description of the plugin functions and features.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getLongDesc

   Home       Trees       Indices       Help   
w3af homepage
Generated by Epydoc 3.0alpha3 on Thu Oct 18 19:39:31 2007 http://epydoc.sourceforge.net