Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are there cross-platform tools to write XSS attacks directly to the database?

I've recently found this blog entry on a tool that writes XSS attacks directly to the database. It looks like a terribly good way to scan an application for weaknesses in my applications.

I've tried to run it on Mono, since my development platform is Linux. Unfortunately it crashes with a System.ArgumentNullException deep inside Microsoft.Practices.EnterpriseLibrary and I seem to be unable to find sufficient information about the software (it seems to be a single-shot project, with no homepage and no further development).

Is anyone aware of a similar tool? Preferably it should be:

  • cross-platform (Java, Python, .NET/Mono, even cross-platform C is ok)
  • open source (I really like being able to audit my security tools)
  • able to talk to a wide range of DB products (the big ones are most important: MySQL, Oracle, SQL Server, ...)

Edit: I'd like to clarify my goal: I'd like a tool that directly writes the result of a successful XSS/SQL injection attack into the database. The idea is that I want to check that every place in my app does correct output encoding. Detecting and avoiding the data getting there in the first place is an entirely different thing (and might not be possible when I display data that's written to the DB by a third-party application).

Edit 2: Corneliu Tusnea, the author of the tool I linked to above, has since released the tool as free software on codeplex: http://xssattack.codeplex.com/

like image 313
Joachim Sauer Avatar asked Mar 16 '10 10:03

Joachim Sauer


4 Answers

I think metasploit has most of the attributes you are looking for. It may even be the only one that has all of what you specify, since all the others I can think of are closed source. There are a few existing modules that deal with XSS and one in particular that you should take a peek at: HTTP Microsoft SQL Injection Table XSS Infection. From the sounds of that module it is capable of doing exactly what you are wanting to do. The framework is written in Ruby I believe, and is supposed to be easy to extend with your own modules which you may need/want to do. I hope that helps.

http://www.metasploit.com/

like image 116
mikewilliamson Avatar answered Oct 30 '22 12:10

mikewilliamson


Not sure if this is what you're after, its a parameter fuzzer for HTTP/HTTPS.

I haven't used it in a while, but IIRC it acts a proxy between you and the web application in question - and will insert XSS/SQL Injection attack strings into any input fields before deeming whether the response was "interesting" or not, thus whether the application is vulnerable or not.

http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

From your question I'm guessing it is a type of fuzzer you're looking for, and one specifically for XSS and web applications; if I'm right - then that might help you!

Its part of the Open Web Application Security Project (OWASP) that "jah" has linked you to above.

like image 39
Moddy Avatar answered Oct 30 '22 11:10

Moddy


There are some Firefox plugins to do some XSS testing here: http://labs.securitycompass.com/index.php/exploit-me/

like image 29
a'r Avatar answered Oct 30 '22 11:10

a'r


A friend of mine keeps saying, that php-ids is pretty good. I haven't tried it myself, but it sounds as if it could approximately match your description:

  • Open Source (LGPL),
  • Cross Platform - PHP is not in your list, but maybe it's ok?
  • Detects "all sorts of XSS, SQL Injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks" (this is from the FAQ)
  • Logs to databases.
like image 22
Chris Lercher Avatar answered Oct 30 '22 11:10

Chris Lercher