DOM XSS Active Scan Rule

An active scan rule for detecting DOM XSS vulnerabilities.

It launches browser windows and sends attack payloads to all of the relevant DOM elements.
Because it launches browser windows, it takes significantly longer than other (non-browser-based) rules.

This version supports Firefox (the default) and Chrome. Either browser can be run with a GUI or headless (the default). The browser is changed with the rule configuration rules.domxss.browserid, via the Options 'Rule configuration' panel, which accepts the values firefox, firefox-headless, chrome and chrome-headless.

Strengths and Thresholds

The following Attack Strengths are supported, and relate directly to the number of attack payloads used for URL fragment and form input field injections (e.g. http://example.com/index.html?foo=bar#injection):

The scanner will also attempt URL/query parameter injections, which are not impacted by the selected strength.

The rule only reports one DOM XSS vulnerability per node, unless a "Low" Alert Threshold is used, in which case it will continue to attempt all of the selected payloads.

Exclusions

The rule will block the browser it launches from accessing any URLs that are excluded by:

Latest code: DomXssScanRule.java