Webscarab XSS-CRLF plugin - Revision history

Wichers at 18:23, 2 July 2010

2010-07-02T18:23:58Z

Meder: /* Overview */

2007-07-30T12:59:13Z

‎Overview

RoganDawes: minor grammatical fixes

2007-06-05T20:07:13Z

minor grammatical fixes

Meder: /* Overview */

2007-06-05T17:46:47Z

‎Overview

Meder: /* Overview */

2007-06-05T17:45:57Z

‎Overview

Meder: /* Overview */

2007-06-05T17:45:17Z

‎Overview

Meder: /* Limitations */

2007-06-05T17:43:09Z

‎Limitations

Meder at 17:41, 5 June 2007

2007-06-05T17:41:30Z

Meder: /* Limitations */

2007-06-05T17:38:40Z

‎Limitations

Meder: New page: ==The XSS/CRLF Injection plugin== ===Overview=== The XSS/CRLF plugin examines suspicious HTTP requests for cross-site scripting and CRLF injection (HTTP response splitting) vulnerabiliti...

2007-06-05T17:37:39Z

New page: ==The XSS/CRLF Injection plugin== ===Overview=== The XSS/CRLF plugin examines suspicious HTTP requests for cross-site scripting and CRLF injection (HTTP response splitting) vulnerabiliti...

New page

==The XSS/CRLF Injection plugin==

===Overview===

The XSS/CRLF plugin examines suspicious HTTP requests for cross-site scripting and CRLF injection (HTTP response splitting) vulnerabilities. Unlike other tools, plugin doesn't crawl the site trying to discover vulnerable URLs, instead it passively analyzes all HTTP conversations passing through WebScarab. The plugin will inspect each request and response too check if:

* Any value of GET/POST parameters is reflected in body of HTTP response, which indicates a potential for a reflected XSS vulnerability;
* Any value of GET/POST parameters is reflected in HTTP headers of HTTP response, which indicates a potential for a CRLF injection vulnerability;

The table in the upper half of the plugin's window will show all suspicious HTTP requests. By clicking the "Check" button plugin will attempt to perform a test to check whether test strings for XSS and CRLF injection vulnerabilities pass through successfully. '''NOTE:''' depending on vulnerability specifics and application, automated testing may not produce reliable results (e.g. less than and greater than characters are filtered, however exploitation of XSS is still possible without the use of these characters, for example if XSS occurs within the 'script' tag).

For XSS, plugin will send a user-controlled XSS test string as a value of a potentially vulnerable parameter and check the response body for the presence of the test string, if the string was discovered it may indicate that application is vulnerable to cross-site scripting vulnerability. For CRLF injection (HTTP response splitting), plugin will again send user-controlled CRLF test string, which is supposed to create new HTTP header, as a value of a potentially vulnerable parameter and check the response HTTP headers for the presence of new HTTP header created by CRLF test string, if the header is present it may indicated that application is vulnerable to cross-site scripting vulnerability.

===Limitations===

Stored cross-site scripting vulnerabilities aren't supported yet.

@@ Line 20: / Line 20: @@
 Stored cross-site scripting vulnerabilities aren't supported yet.
 [[Category:OWASP WebScarab Project]]
 [[Category:OWASP Testing Project]]

@@ Line 8: / Line 8: @@
 * Any value of the GET/POST parameters is reflected in the HTTP headers of the HTTP response, which indicates a potential for a CRLF injection vulnerability;
-The table in the upper half of the plugin's window will show all suspicious HTTP requests. By clicking the "Check" button, the  plugin will attempt to perform a test to check whether the test strings for XSS and CRLF injection vulnerabilities pass through successfully.
+The table in the upper half of the plugin's window will show all suspicious HTTP requests. By clicking the "Check" button, the  plugin will attempt to perform a test to check whether the test strings for XSS and CRLF injection vulnerabilities pass through successfully. If check on a particular conversation was successful (i.e. test string went through or new HTTP header was created) the conversation will appear in the table below. If none of the test were successful lower table will be empty.
 '''NOTE:''' depending on vulnerability specifics and application, automated testing may not produce reliable results (e.g. less than and greater than characters are filtered, however exploitation of XSS is still possible without use of these characters, for example if XSS occurs within the 'script' tag).

← Older revision		Revision as of 17:43, 5 June 2007
Line 15:		Line 15:

	Stored cross-site scripting vulnerabilities aren't supported yet.		Stored cross-site scripting vulnerabilities aren't supported yet.
−	[[Category:OWASP WebScarab Project\|OWASP Top Ten Project\|OWASP Testing Project]]	+	[[Category:OWASP WebScarab Project]]
		+	[[Category:OWASP Top Ten Project]]
		+	[[Category:OWASP Testing Project]]

← Older revision		Revision as of 17:41, 5 June 2007
Line 15:		Line 15:

	Stored cross-site scripting vulnerabilities aren't supported yet.		Stored cross-site scripting vulnerabilities aren't supported yet.
		+	[[Category:OWASP WebScarab Project\|OWASP Top Ten Project\|OWASP Testing Project]]

← Older revision		Revision as of 17:38, 5 June 2007
Line 14:		Line 14:
	===Limitations===		===Limitations===

−	Stored cross-site scripting vulnerabilities aren't supported yet.	+	Stored cross-site scripting vulnerabilities aren't supported yet.

@@ Line 3: / Line 3: @@
 ===Overview===
-The XSS/CRLF plugin examines suspicious HTTP requests for cross-site scripting and CRLF injection (HTTP response splitting) vulnerabilities. Unlike other tools, plugin doesn't crawl the site trying to discover vulnerable URLs, instead it passively analyzes all HTTP conversations passing through WebScarab. The plugin will inspect each request and response too check if:
+The XSS/CRLF plugin examines suspicious HTTP requests for cross-site scripting and CRLF injection (HTTP response splitting) vulnerabilities. Unlike other tools, the plugin doesn't crawl the site trying to discover vulnerable URLs, instead it passively analyzes all HTTP conversations passing through WebScarab. The plugin will inspect each request and response to check if:
-* Any value of GET/POST parameters is reflected in body of HTTP response, which indicates a potential for a reflected XSS vulnerability;
+* Any value of the GET/POST parameters is reflected in the body of the HTTP response, which indicates a potential for a reflected XSS vulnerability;
-* Any value of GET/POST parameters is reflected in HTTP headers of HTTP response, which indicates a potential for a CRLF injection vulnerability;
+* Any value of the GET/POST parameters is reflected in the HTTP headers of the HTTP response, which indicates a potential for a CRLF injection vulnerability;
-The table in the upper half of the plugin's window will show all suspicious HTTP requests. By clicking the "Check" button plugin will attempt to perform a test to check whether test strings for XSS and CRLF injection vulnerabilities pass through successfully.
+The table in the upper half of the plugin's window will show all suspicious HTTP requests. By clicking the "Check" button, the  plugin will attempt to perform a test to check whether the test strings for XSS and CRLF injection vulnerabilities pass through successfully.
 '''NOTE:''' depending on vulnerability specifics and application, automated testing may not produce reliable results (e.g. less than and greater than characters are filtered, however exploitation of XSS is still possible without use of these characters, for example if XSS occurs within the 'script' tag).
-For XSS, plugin will send a user-controlled XSS test string as a value of a potentially vulnerable parameter and check the response body for the presence of the test string, if the string was discovered it may indicate that application is vulnerable to cross-site scripting vulnerability.
+For XSS, the plugin will send a user-controlled XSS test string as the value of a potentially vulnerable parameter and check the response body for the presence of the test string, if the string was discovered it may indicate that application is vulnerable to cross-site scripting vulnerability.
-For CRLF injection (HTTP response splitting), plugin will again send user-controlled CRLF test string, which is supposed to create new HTTP header, as a value of a potentially vulnerable parameter and check the response HTTP headers for the presence of new HTTP header created by CRLF test string, if the header is present it may indicated that application is vulnerable to cross-site scripting vulnerability.
+For CRLF injection (HTTP response splitting), the plugin will again send the user-controlled CRLF test string, which is supposed to create a new HTTP header, as a value of a potentially vulnerable parameter and check the response HTTP headers for the presence of the new HTTP header created by CRLF test string. If the header is present it may indicated that application is vulnerable to response splitting.
 ===Limitations===

@@ Line 10: / Line 10: @@
 The table in the upper half of the plugin's window will show all suspicious HTTP requests. By clicking the "Check" button plugin will attempt to perform a test to check whether test strings for XSS and CRLF injection vulnerabilities pass through successfully.
-'''NOTE:''' depending on vulnerability specifics and application, automated testing may not produce reliable results (e.g. less than and greater than characters are filtered, however exploitation of XSS is still possible without the use of these characters, for example if XSS occurs within the 'script' tag).
+'''NOTE:''' depending on vulnerability specifics and application, automated testing may not produce reliable results (e.g. less than and greater than characters are filtered, however exploitation of XSS is still possible without use of these characters, for example if XSS occurs within the 'script' tag).
 For XSS, plugin will send a user-controlled XSS test string as a value of a potentially vulnerable parameter and check the response body for the presence of the test string, if the string was discovered it may indicate that application is vulnerable to cross-site scripting vulnerability. For CRLF injection (HTTP response splitting), plugin will again send user-controlled CRLF test string, which is supposed to create new HTTP header, as a value of a potentially vulnerable parameter and check the response HTTP headers for the presence of new HTTP header created by CRLF test string, if the header is present it may indicated that application is vulnerable to cross-site scripting vulnerability.