Home Unlabelled Snuck v0.1 - Automatic XSS filter bypass

Snuck v0.1 - Automatic XSS filter bypass

By
Tuesday, October 23, 2012
Read
Add Comment
snuck is an automatic tool whose goal is to significantly test a given XSS filter by specializing the injections on the basis of the reflection context. This approach adopts Selenium to drive a web browser in reproducing both the attacker's behavior and the victim's.

snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. The approach, it adopts, is based on the inspection of the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser, a real web browser is driven for reproducing the attacker's behavior and possibly the victim's.
Download -
snuck-0.1.zip - updated version on 23-oct-2012
Executable jar and malicious payloads 
This release is the same as the "first release", it just includes the required files for licensing purposes - which were missing - and a brief README.

snuck.zip - older version

Source -

Tutorial -

Screenshot -


Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us