Skip to content

mauro-g/snuck

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
3 branches 1 tag
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
lib
 
 
payloads
 
 
src
 
 
README.md
 
 
build.xml
 
 
snuck Overview Learn about snuck Research papers

README.md

snuck

Automatic XSS filter bypass

Overview

snuck is an automatic tool whose goal is to significantly test a given XSS filter by specializing the injections on the basis of the reflection context. This approach adopts Selenium to drive a web browser in reproducing both the attacker and the victim behavior.

Learn about snuck

Visit the tutorial for further information about the tool and the user guide.

Research papers

The methodology, evaluation, and implementation of snuck is described in a technical report:

  • Fabrizio d'Amore, Mauro Gentile: Automatic and Context-Aware Cross-Site Scripting Filter Evasion. Department of Computer, Control, and Management Engineering Antonio Ruberti Technical Reports, Technical Report n. 4, Sapienza University of Rome, 2012. [Paper]

Notes

The project is no longer under active development since June 2013, and it was exported from Google Code. Latest code changes were applied to the 0.1.1 branch.

snuck is released under the Apache 2.0 license.

About

Automatic XSS filter bypass

Resources

Readme
Activity

Stars

90 stars

Watchers

5 watching

Forks

45 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages