Automatic XSS filter bypass
snuck is an automated tool for thoroughly testing a given XSS filter by specializing its injections according to the reflection context. It uses Selenium to drive a web browser, reproducing the behavior of both the attacker and the victim.
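Why the reflection context matters to whoever maintains the filter, shown as an added example (not snuck's code and not taken from the technical report): the same reflected value needs a different output encoding depending on where in the page it lands. The marker string, the sample page, and the context labels are constructed for this illustration.

```python
from html.parser import HTMLParser

MARKER = "zq7reflect"  # constructed, inert probe string (assumption)
URL_ATTRS = {"href", "src", "action", "formaction"}
ENCODING = {  # output encoding each context calls for (labels are this example's own)
    "html-text": "HTML-entity encode",
    "attribute-value": "attribute-encode inside a quoted value",
    "url-attribute": "URL-encode and allow-list the scheme",
    "event-handler": "JavaScript-string encode, then attribute-encode",
    "script-block": "JavaScript-string encode",
    "html-comment": "do not reflect input here",
}

class ContextFinder(HTMLParser):
    """Records the context of every reflection of MARKER in a page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.contexts, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        self._in_script = self._in_script or tag == "script"
        for name, value in attrs:
            if value and MARKER in value:
                kind = ("url-attribute" if name in URL_ATTRS else
                        "event-handler" if name.startswith("on") else "attribute-value")
                self.contexts.append(kind)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if MARKER in data:
            self.contexts.append("script-block" if self._in_script else "html-text")

    def handle_comment(self, data):
        if MARKER in data:
            self.contexts.append("html-comment")

def reflection_contexts(html):
    finder = ContextFinder()
    finder.feed(html)
    finder.close()
    return [(ctx, ENCODING[ctx]) for ctx in finder.contexts]

# Constructed sample response that reflects the marker in five different contexts.
SAMPLE = """<p>Results for zq7reflect</p>
<input name="q" value="zq7reflect"><a href="/s?q=zq7reflect">again</a>
<script>var q = "zq7reflect";</script><!-- debug: zq7reflect -->"""
```

Calling `reflection_contexts(SAMPLE)` returns one (context, encoding) pair per reflection, in document order; a filter that applies only one of these encodings everywhere leaves the other contexts uncovered.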
Learn about snuck
Visit the tutorial for further information about the tool and the user guide.
The methodology, evaluation, and implementation of snuck are described in a technical report:
- Fabrizio d'Amore, Mauro Gentile: Automatic and Context-Aware Cross-Site Scripting Filter Evasion. Department of Computer, Control, and Management Engineering Antonio Ruberti Technical Reports, Technical Report n. 4, Sapienza University of Rome, 2012. [Paper]
snuck is released under the Apache 2.0 license.