Skip to content

Javascript library fuzzer. Tries to detect functions which may lead to XSS vulnerabilities if untrusted data is passed to said functions.

Notifications You must be signed in to change notification settings

kozmic/js-library-xss-fuzzer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Javascript that test jQuery for unsafe functions

About

This project executes all functions in a configurable Javascript framework with XSS attack strings as arguments. If an attck string executes, the function is marked as "unsafe". Unsafe functions should never be called with untrusted data as arguments without encoding and/or validation, this will lead to one or more XSS vulnerabilities.

Running the tests

  • By default the tests run against jQuery 1.8.0 which is included. To run against another framework:
  • Open js/functions-fuzzer.js in your favorite editor.
  • Configure window.libraryName, only use to display name in result page (example valuejQuery 1.8.0).
  • Configure window.libraryFunction, the variable the library to test binds to, all functions bound to this variable are tested (example $ for jQuery).
  • Change the script tag in index.html to point to the library you want to test.
  • Start a HTTP server with the repository as server root.
  • Python: python -m SimpleHTTPServer
  • Ruby: ruby -rwebrick -e'WEBrick::HTTPServer.new(:Port => 3000, :DocumentRoot => Dir.pwd).start'
  • Point your favorite browser (read Chrome) to http://localhost:8000

Tested in Chrome 20 and 21.

Example: Test result screenshot

Screenshot after fuzzing jQuery 1.8.0:

jQuery 1.8.0 result

Test results

jQuery 1.8.0: 10 unsafe function out of 253.

  • globalEval
  • wrapAll
  • wrapInner
  • wrap
  • append
  • prepend
  • before
  • after
  • html
  • replaceWith

jQuery 1.4.4: 10 unsafe function out of 236.

  • globalEval
  • wrapAll
  • wrapInner
  • wrap
  • append
  • prepend
  • before
  • after
  • html
  • replaceWith

zepto.1.0rc1: 7 unsafe function out of 135

  • replaceWith
  • wrapAll
  • html
  • after
  • prepend
  • before
  • append

License

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

About

Javascript library fuzzer. Tries to detect functions which may lead to XSS vulnerabilities if untrusted data is passed to said functions.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published