burp suite 使用 xssvalidate 进行自动化xss安全扫描

burp suite 使用 xssvalidate 进行自动化xss安全扫描

下载

https://portswigger.net/burp/releases/download?product=free&version=1.7.27&type=macosx

https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-macosx.zip

git clone https://github.com/nVisium/xssValidator
 cd xssValidator;
 mkdir ./burp-extender/lib
 cd burp-extender/lib 
 wget http://central.maven.org/maven2/commons-codec/commons-codec/1.6/commons-codec-1.6.jar
 wget http://central.maven.org/maven2/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
 wget http://central.maven.org/maven2/org/apache/httpcomponents/fluent-hc/4.3.6/fluent-hc-4.3.6.jar
 wget http://central.maven.org/maven2/org/apache/httpcomponents/httpclient/4.3.6/httpclient-4.3.6.jar
 wget http://central.maven.org/maven2/org/apache/httpcomponents/httpclient-cache/4.3.6/httpclient-cache-4.3.6.jar
 wget http://central.maven.org/maven2/org/apache/httpcomponents/httpcore/4.3.3/httpcore-4.3.3.jar
 wget http://central.maven.org/maven2/org/apache/httpcomponents/httpmime/4.3.6/httpmime-4.3.6.jar
 cd ../../burp-extender/bin/burp
 ant;
 ls bin/burp/xssValidator.jar;

启动xss服务(这个必须有）

cd /path/to/xssValidator/xss-detector;
phantomjs xss.js;

配置插件xssValidator

使用插件

代理功能（目的是抓取真实的http请求报文）

配置好浏览器代理地址后发起请求，burp会捕获到请求，点击forward

找到对应的请求历史记录，并发送到intruder

配置payloads为xssValidator

配置options的grep - match

对应字符串的出处

修改请求参数，并开始xss扫描

查看单独的结果（有勾选的就是有xss漏洞的）

把对话框出现的url地址copy到浏览器访问，并在显示的地址点击按钮

最后看到xss漏洞的现象

转载于:https://my.oschina.net/mmfei/blog/1548541