To find DOM-based cross-site scripting vulnerabilities, use IronWASP as the proxy and browse through the various sections of the demo application using the browser-based crawler technique discussed earlier when learning how to test for CSRF vulnerabilities. This generally captures the logs of all the site's pages in the Logs > Proxy Logs section of IronWASP.
To perform the DOM-based XSS test, expand the Tools menu in IronWASP and select DOM XSS Analyzer. A window titled 'DOM XSS Analyzer' opens. It has a 'Start Analysis' button; clicking it makes the tool go through all the responses in the proxy log and extract all the JavaScript from each response and from externally referenced script files. It then identifies all occurrences of DOM XSS sources and sinks. In other words, it performs static analysis on all the logs captured in the proxy log section and generates an analysis report as a file. Once the analysis is complete, the path of the report is shown in the DOM XSS Analyzer window. See screenshot below.
The screenshot below shows the detailed DOM XSS analysis that the tool performed. It uses regular expressions to find the most common DOM XSS sources and sinks. The screenshot highlights all the issues (vulnerabilities) that the tool found for the different URLs of the site.
Clicking on any specific link shows all the JavaScript that the tool located in that page/URL of the site. In most pages, the JavaScript is spread across different places: some is inside script tags, some is in event handlers, and some is loaded from external URLs. The DOM XSS Analyzer loads all the JavaScript present in the different pages of the site, links it together in series and shows it in one location. If you scroll down in the report, you can view all the JavaScript that the page uses.
The different sources and sinks identified by the tool are highlighted in different background colors. From the report, you can therefore also examine the code manually and decide whether any of the identified sources/sinks actually lead to DOM XSS vulnerabilities.
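To make the regular-expression approach described above concrete, here is an added example (not IronWASP's code and not from the original post) that collects JavaScript from inline script tags and event handlers and flags lines containing sources or sinks. The pattern lists, function names and the sample page are assumptions constructed for illustration.

```javascript
// Added illustration, not IronWASP code. The pattern lists are a small assumed
// sample of common DOM XSS sources and sinks, not the tool's actual rule set.
const SOURCES = /\b(?:document\.(?:URL|documentURI|referrer|cookie)|location\.(?:href|hash|search|pathname)|window\.name)\b/g;
const SINKS = /\b(?:eval|setTimeout|setInterval)\s*\(|\bdocument\.write(?:ln)?\s*\(|\.(?:innerHTML|outerHTML)\s*=(?!=)/g;

// Gather JavaScript from inline <script> blocks and on* event-handler attributes.
function extractScripts(html) {
  const scriptTag = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  const handler = /\son[a-z]+\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  const scripts = [];
  for (const m of html.matchAll(scriptTag)) {
    if (m[1].trim()) scripts.push({ origin: "script tag", code: m[1] });
  }
  // Remove script bodies first so attribute-like text inside JS is not re-read.
  for (const m of html.replace(scriptTag, "").matchAll(handler)) {
    scripts.push({ origin: "event handler", code: m[1] ?? m[2] });
  }
  return scripts;
}

// Report every line that mentions a source or a sink; each hit still needs
// manual review to decide whether tainted data really reaches the sink.
function analyze(html) {
  const findings = [];
  for (const { origin, code } of extractScripts(html)) {
    code.split("\n").forEach((text, i) => {
      const sources = text.match(SOURCES) || [];
      const sinks = (text.match(SINKS) || [])
        .map((s) => s.replace(/[\s(=]+$/, "").replace(/^\./, ""));
      if (sources.length || sinks.length) {
        findings.push({ origin, line: i + 1, sources, sinks, text: text.trim() });
      }
    });
  }
  return findings;
}

// Constructed sample response body (not taken from the demo application).
const SAMPLE = `<html><body onload="document.write(location.hash)">
<div id="greet"></div>
<script>
var name = decodeURIComponent(location.search.slice(6));
document.getElementById("greet").innerHTML = "Hello " + name;
document.getElementById("greet").textContent = "static";
</script>
</body></html>`;

console.log(analyze(SAMPLE));
```

The `textContent` assignment is not reported because it is not an HTML-parsing sink, which is the kind of distinction to look for when reviewing the highlighted report by hand.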
My Learning Material / Reference:
Site Address:
http://ironwasp.org/index.html
http://hack-tools.blackploit.com/2014/04/ironwasp-2014-one-of-worlds-best-web.html
http://securitybyte.org/resources/2011/presentations/ironwasp.pdf