Snuck v0.1 - Automatic XSS filter bypass
snuck is an automatic tool whose goal is to significantly test a given XSS filter by specializing the injections on the basis of the reflection context. This approach adopts Selenium to drive a web browser in reproducing both the attacker's behavior and the victim's.
snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. The approach, it adopts, is based on the inspection of the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser, a real web browser is driven for reproducing the attacker's behavior and possibly the victim's.
Download -
snuck-0.1.zip - updated version on 23-oct-2012Executable jar and malicious payloads
This release is the same as the "first release", it just includes the required files for licensing purposes - which were missing - and a brief README.
snuck.zip - older version
Source -
Tutorial -
Screenshot -