Xssya

XSSYA is a Cross Site Scripting scanner/confirmation tool, written in Python, that aims to find XSS vulnerabilities. It allows a penetration tester to scan a website without using a browser and confirm whether the website is vulnerable to XSS (cross-site scripting) or not by injecting and executing around 28 encoded payloads on the specified URL.

  1. XSSYA – Cross Site Scripting (XSS) Scanner Tool. By: Pinaki Mohapatra, Quality Assurance Engineer, Mindfire Solutions. Date: 21st August 2014.
  2. XSSYA Tool Usage
     XSSYA is a Cross Site Scripting scanner/confirmation tool, written in Python, that aims to find XSS vulnerabilities. It allows a penetration tester to scan a website without using a browser and confirm whether the website is vulnerable to XSS (cross-site scripting) or not by injecting and executing around 28 encoded payloads on the specified URL.
     In general, scanning a website gives us false positive vulnerabilities. That is because many other scanners use a method that sends the request, receives the response and tries to execute the payload; if the response returns status 200, they report the site as vulnerable. However, that alone does not confirm the vulnerability, so the penetration tester has to test and confirm manually.
     What is a False Positive? A false positive is when you think a specific vulnerability exists in the program when it does not; it is a result that many security scanners return after test execution. False positives occur because of the weak static checks that security scanners rely on. When a scanner tries to detect a vulnerability, it may use an algorithm that looks for one or more pre-defined signature patterns (i.e. CHECK LOGIC) within an HTTP response; that check can go wrong, so the scanner deduces that the vulnerability exists (when it actually does not) and reports it accordingly.
     XSSYA - How does it Work? Written in Python, XSSYA works by executing its library of encoded payloads to bypass WAFs (Web Application Firewalls). This is METHOD 1, which confirms the request and response. If the HTTP response returns status 200, the tool attempts METHOD 2, which searches for the decoded payload in the web page's HTML code; if that is confirmed, it gets to the last step and executes document.cookie to get the cookie.
     XSSYA Features:
     • Supports both Windows & Linux environments
     • Supports HTTP & HTTPS
     • Identifies 3 types of WAF (mod_security, WebKnight & F5 BIG-IP)
     • A continually extended library of encoded payloads to bypass WAFs (Web Application Firewalls)
     • Supports saving the web HTML code before executing the payload
     • Supports viewing the web HTML code on the screen or terminal
     • After confirmation, executes the payload to get cookies
  3. Download & Installation Procedure:
     • You can download XSSYA here (Link – https://github.com/yehia-mamdouh/XSSYA). Click on the Download ZIP button to download, as shown in the screenshot below.
     • Once the file is downloaded, extract all the files to any local drive on your machine. See screenshot below.
  4. Now we are all set to run and execute a test using XSSYA.
     Test Execution:
     • To execute a test, open the run prompt and change to the directory where you extracted the ZIP files (look for the directory which contains the xssya.py file). See screenshot below.
  5. • Now, to initiate your test, enter python xssya.py and hit enter.
     • Enter the vulnerable website link and hit enter. (For demonstration purposes, I am using the following link, which is vulnerable to XSS: "http://demo.testfire.net/search.aspx?txtsearch=", and for learning you may use the same.)
     Note: Make sure to choose a vulnerable link which ends with [ / or = or ? ]
  6. • As mentioned above, in the next step we need to choose 1 or 2, i.e. select Method 1 or Method 2.
     Method 1 - Used to check whether the link is vulnerable or not, i.e. confirmation of request and response.
     Method 2 - If Method 1 returns success, i.e. it confirms the link is vulnerable, then it executes the encoded payload and searches for the same payload in the web HTML code to get the cookies.
  7. • At the end of the test execution, this tool also allows you to save the web page HTML code and print it. See screenshot below.
     Happy Hunting !! :)
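To make the METHOD 1 / METHOD 2 distinction from slides 2 and 6 concrete, here is an added Python example (not XSSYA's own code) that runs both checks over constructed responses and labels the status-200-only hits as the false positives the deck warns about; it uses a harmless marker instead of a script payload, and the probe string, sample responses and result labels are assumptions made for this example.

```python
from html import unescape
from urllib.parse import unquote

# Hypothetical probe, URL-encoded the way a scanner puts it in a query string.
# A harmless marker is enough to test reflection (constructed for this example).
ENCODED_PROBE = "%3Cxssya%3Eprobe%3C%2Fxssya%3E"  # decodes to <xssya>probe</xssya>

# Constructed sample responses (status code, HTML body), not real scan output.
SAMPLE_RESPONSES = {
    "escaped":   (200, "<p>Results for: &lt;xssya&gt;probe&lt;/xssya&gt;</p>"),
    "reflected": (200, "<p>Results for: <xssya>probe</xssya></p>"),
    "dropped":   (200, "<p>Results for: </p>"),
    "error":     (404, "<h1>Not found</h1>"),
}


def method1_request_response(status):
    """METHOD 1 as the slides describe it: a 200 response counts as a hit."""
    return status == 200


def method2_search_html(body, encoded_payload):
    """METHOD 2: look for the *decoded* payload, unescaped, in the returned HTML."""
    return unquote(encoded_payload) in body


def classify(status, body, encoded_payload=ENCODED_PROBE):
    """Combine both methods and say why a finding is or is not a false positive."""
    if not method1_request_response(status):
        return "no-hit"                        # METHOD 1 fails; nothing to confirm
    if method2_search_html(body, encoded_payload):
        return "confirmed"                     # payload sits in the markup unescaped
    # From here on, a status-only scanner would already have reported the page.
    if unquote(encoded_payload) in unescape(body):
        return "false-positive-escaped"        # echoed, but HTML-encoded, so inert
    return "false-positive-not-reflected"      # input was not echoed at all


if __name__ == "__main__":
    for name, (status, body) in SAMPLE_RESPONSES.items():
        print(f"{name:10s} -> {classify(status, body)}")
```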
