Jinx – a Greasemonkey XSS tool
I recently open-sourced a little project that helps find XSS flaws. It is called Jinx and can be found on BitBucket.
Jinx is a JavaScript-based tester for cross-site scripting. It is currently based on Greasemonkey, but it can easily be decoupled to run without GM support. It is a ‘quick-n-dirty’ way of testing the page you are on, not an exhaustive way of testing an entire domain.
What it does is gather all the links on the page you are on (including document.location); the ones that contain parameters are then permuted so that a payload is injected into each parameter, one at a time. If you select “Quick check”, the payload tries to inject the characters `'`, `"` and `<` and get them reflected back into the page. Seeing any of these three characters reflected often signals a lack of filtering and probable XSS exploitation.
For example, "test?a=b&c=d" generates two requests: "test?a=b
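To make the mechanics described above concrete, here is an added example written for this post; it is not the Jinx source and has no Greasemonkey or DOM dependency, so it runs under Node. It collects the parameterised links from a list of hrefs, builds one variant per parameter with the probe characters injected, and then checks a response body for whether `'`, `"` and `<` came back raw or HTML-encoded. The token `jxprobe`, the decision to append the probe to the existing value rather than replace it, and the constructed sample response are all my assumptions, not the project's.

```javascript
// Added example, not the Jinx source: the URL permutation and reflection
// check the post describes, as plain functions runnable under Node.
//
// Assumptions (mine, not the project's): the probe is appended to each
// parameter's existing value rather than replacing it, and it is prefixed
// with a unique token so a reflected ' " < can be told apart from
// characters that happen to be on the page anyway.

const PROBE_CHARS = "'\"<";        // the three characters "Quick check" tries to reflect
const DEFAULT_TOKEN = 'jxprobe';    // hypothetical marker; any unlikely string works
const PAYLOAD = DEFAULT_TOKEN + PROBE_CHARS;

// HTML-encoded forms a correctly escaping page would emit instead of the raw character.
const ENCODED = {
  "'": ['&#39;', '&#x27;', '&apos;'],
  '"': ['&quot;', '&#34;', '&#x22;'],
  '<': ['&lt;', '&#60;', '&#x3c;'],
};

// Step 1: from the hrefs gathered on a page (plus the page's own location),
// keep the unique absolute http(s) URLs that carry a query string.
function collectParameterizedUrls(hrefs, base) {
  const seen = new Set();
  for (const href of hrefs) {
    let u;
    try { u = new URL(href, base); } catch (e) { continue; }  // skip javascript:, mailto:, garbage
    if (!['http:', 'https:'].includes(u.protocol)) continue;
    if ([...u.searchParams.keys()].length === 0) continue;
    u.hash = '';                                               // fragment never reaches the server
    seen.add(u.href);
  }
  return [...seen];
}

// Step 2: one variant per parameter name, payload appended to that parameter
// only, so any reflection can be attributed to a single parameter.
// (Repeated names are collapsed into one parameter by searchParams.set.)
function permuteUrl(url, payload = PAYLOAD) {
  const base = new URL(url);
  const names = [...new Set(base.searchParams.keys())];
  return names.map((name) => {
    const variant = new URL(base.href);
    variant.searchParams.set(name, (base.searchParams.get(name) || '') + payload);
    return { param: name, url: variant.href };
  });
}

// Step 3: for every occurrence of the token in the response, walk the probe
// characters in order. A raw character counts as reflected; an encoded form is
// skipped (the page escaped it); anything else means the reflection was cut
// or transformed, so scanning of that occurrence stops.
function checkReflection(body, token = DEFAULT_TOKEN) {
  const reflected = new Set();
  let hits = 0;
  for (let idx = body.indexOf(token); idx !== -1; idx = body.indexOf(token, idx + token.length)) {
    hits += 1;
    let pos = idx + token.length;
    for (const ch of PROBE_CHARS) {
      if (body[pos] === ch) { reflected.add(ch); pos += 1; continue; }
      const enc = ENCODED[ch].find((e) => body.slice(pos, pos + e.length).toLowerCase() === e);
      if (enc === undefined) break;
      pos += enc.length;
    }
  }
  return { hits, reflected: [...PROBE_CHARS].filter((c) => reflected.has(c)) };
}

// Constructed response body (not a real site): the value is echoed once into an
// attribute with proper escaping and once into text without any escaping.
const SAMPLE_BODY =
  '<input value="' + DEFAULT_TOKEN + '&#39;&quot;&lt;">' +
  '<p>No results for ' + DEFAULT_TOKEN + '\'"<</p>';

// Stand-alone demo over constructed data.
for (const { param, url } of permuteUrl('https://example.test/test?a=b&c=d')) {
  console.log(param, '->', url);
}
console.log(checkReflection(SAMPLE_BODY));
```

The reflection check deliberately walks only the three probe characters after the token instead of searching the whole tail, so a `</p>` that follows an escaped `&lt;` is not mistaken for a reflected `<`; the `hits` count lets you distinguish "parameter never echoed" from "echoed but correctly encoded".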
It is a pretty nice way to do some basic testing and often finds interesting stuff. I test all kinds of pages every now and then; it is staggering how many flaws are out there.