XSS vulnerability detection method based on simulating browser behavior

A vulnerability detection and browser technology, applied in the fields of instrumentation, digital data processing, platform integrity maintenance, etc. It solves problems such as complexity, difficulty parsing JavaScript or loading Ajax, and the inability to dynamically analyze the response information of the target site, achieving the effect of high accuracy.
CN104881608A · Inactive · Publication Date: 2015-09-02 · BEIJING UNIV OF TECH

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: BEIJING UNIV OF TECH
Publication Date: 2015-09-02
Estimated Expiration: Not applicable · inactive patent


Abstract

The invention relates to an XSS vulnerability detection method based on simulating browser behavior. The crawler module embeds a browser core; by simulating browser behavior it can parse JavaScript and load Ajax, and so obtains the hidden injection points of a page. Compared with the traditional approach, this greatly increases the coverage of injection points. The vulnerability detection module uses a black-box detection method: after the attack vectors are improved, it simulates browser behavior to detect whether an abnormal condition occurs on the page, that is, whether the browser executes the page script, and so judges directly whether the current injection point is vulnerable, which is more accurate than the traditional method. In addition, the method is developed in the Python language, is easy to maintain and easy to extend through secondary development, and has great application value for the detection and study of XSS vulnerabilities.
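Added example, not code from the patent: a sketch of why the abstract's "did the browser treat it as script" check is more accurate than matching the response text. Python's `html.parser` stands in for the embedded browser core (an assumption; it parses HTML but does not execute JavaScript), and the canary name and sample responses are constructed.

```python
from html.parser import HTMLParser

CANARY = "xssprobe_7f3a"                  # constructed marker, unique per test run
PROBE = f"<script>{CANARY}()</script>"    # benign probe: calls an undefined name

class ExecContextFinder(HTMLParser):
    """Records the executable contexts in which the canary ends up after parsing."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.hits = []

    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
        for name, value in attrs:
            # Event-handler attributes (onclick, onerror, ...) are run as script.
            if name.startswith("on") and value and CANARY in value:
                self.hits.append(f"{tag}@{name}")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and CANARY in data:
            self.hits.append("script-body")

def naive_match(body):
    """Text-matching check: the raw probe string appears in the response."""
    return PROBE in body

def parsed_as_script(body):
    """Parser-based check: list the places where a browser would run the canary."""
    finder = ExecContextFinder()
    finder.feed(body)
    finder.close()
    return finder.hits

# Constructed sample responses for one page parameter.
SAMPLES = {
    "raw reflection": f"<p>Results for {PROBE}</p>",
    "escaped reflection": f"<p>Results for &lt;script&gt;{CANARY}()&lt;/script&gt;</p>",
    "inside a comment": f"<!-- last query: {PROBE} -->",
}

def compare(samples=SAMPLES):
    # label -> (text match says vulnerable, parser says the canary would execute)
    return {k: (naive_match(v), bool(parsed_as_script(v))) for k, v in samples.items()}

if __name__ == "__main__":
    print(compare())
```

The comment case is the false positive that text matching produces and the parsed check avoids; a real browser core additionally covers DOM changes made by scripts, which this stand-in cannot see.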

Description

Technical field

[0001] The invention relates to an XSS vulnerability detection method based on simulated browser behavior, and belongs to the field of cross-site scripting vulnerabilities in computer software.

Background technique

[0002] In recent years, with the widespread use of Web applications, Web security issues have become increasingly prominent. Among the top ten web application security risks released by OWASP in 2013, the cross-site scripting (XSS, Cross Site Scripting) vulnerability ranked third, which shows that XSS has become one of the common security risks that all kinds of websites need to face.

[0003] XSS vulnerabilities arise when untrusted data from the user is processed by the application without validation and reflected back to the browser without encoding or escaping, causing the browser engine to execute code. Many websites ignore the necessary input validation during the development process and lack sufficient security. Such websites are easily attack...
