Website XSS vulnerability detection method and equipment

Abstract

The invention relates to a website XSS vulnerability detection method and equipment. The method comprises the following steps that a to-be-detected link of a website is acquired; an XSS test character string is added into the to-be-detected link to form a test link, wherein the test character string comprises remote access codes, and the remote access codes are carried out to send an access request to a specified address; a hypertext transfer protocol request is sent according to the test link; if the specified address acquires the access request from the website, the fact that an XSS vulnerability exists in the website can be determined. According to the technical scheme of the website XSS vulnerability detection method and equipment, when a webpage corresponding to any detected link is displayed, the specified address can receive the access request of the website, and the fact that the XSS vulnerability exists in the website can be determined; a packet does not need to be sent for a specified link to wait for the response of the specified link, and the large-scale link vulnerability detection can be achieved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a website XSS vulnerability detection method and a website XSS vulnerability detection device. Background technique [0002] XSS is a cross-site scripting attack. When a website has an XSS vulnerability, the attacker can insert code into the page of the website, such as inserting malicious html code into the page of the website. When the user browses the page, the The html code will be executed, and these codes include HTML code and client-side script. The attacker uses the XSS vulnerability to bypass the access control, so as to achieve the special purpose of maliciously attacking the user. [0003] The XSS vulnerability problem will further lead to security problems of user data. Therefore, website visitors want to know the security level of the website, and naturally tend to use relatively safe websites, while website managers hope to fix the loopholes in time, overc...

AI Technical Summary

Problems solved by technology

However, this way of sending packets and other responses requires specific conditions to complete the detection. For example, the webpage with the test script added will not necessarily be displayed or displayed immediately, which leads to the fact that the detection vulnerabilities in the existing technology cannot be completely covered.

[0005] In addition, the XSS vulnerability detection in the prior art performs the packet sending operation and response analysis through timing or manual triggering by the user. On the one hand, due to the existence of human subjective factors, it is difficult to accurately determine the specific situation and the specific situation of the vulnerability based on the response. On the other hand, due to the large amount of data on the testing website, it is difficult to complete the test in a timely and effective manner by manually sending out packages and analyzing responses

Images