Snuck is an automatic tool whose goal is to significantly test a
given XSS filter by specializing the injections on the basis of the
reflection context. This approach adopts Selenium to drive a web browser
in reproducing both the attacker's behavior and the victim's.
snuck is an automated tool that may definitely help in finding XSS
vulnerabilities in web applications. It is based on Selenium and
supports Mozilla Firefox, Google Chrome and Internet Explorer.
The approach, it adopts, is based on the inspection of the injection's
reflection context and relies on a set of specialized and obfuscated
attack vectors for filter evasion. In addition, XSS testing is performed
in-browser, a real web browser is driven for reproducing the attacker's
behavior and possibly the victim's.
snuck is quite different from typical web security scanners, it
basically tries to break a given XSS filter by specializing the
injections in order to increase the success rate. The attack vectors are
selected on the basis of the reflection context, that is the exact
point where the injection falls in the reflection web page's DOM.
Having access to the pages' DOM is possible through Selenium Web Driver,
which is an automation framework, that allows to replicate operations
in web browsers. Since many steps could be involved before an XSS filter
is "activated", an XML configuration file should be filled in order to
make snuck aware of the steps it needs to perform with respect to the
tested web application.