Oct 10

First off, I want to stress that the idea of an XSS fuzzer in GreaseMonkey is not originally my own: I saw WhiteAcid's XSS Assistant a few months ago and played with it a little, with some success. His is very different from mine, though, mainly in that it is far more detailed and prettier than mine. I liked the concept of an XSS fuzzer but wanted to change how it worked, and so my GreaseMonkey XSS Fuzzer was born. It does have some drawbacks:

  • It can't test for individual vectors (i.e. a specific payload such as an injected iframe or a malicious stylesheet)
  • It isn't 100% accurate: JavaScript regular expressions are hard enough as it is without trying to handle every possible inaccuracy
  • It doesn't produce very pretty output: you get a simple popup when the script finds a possible vulnerability

Also, be warned: if you do not want to audit a website, you must turn off GreaseMonkey or disable this plugin! It automatically tries to find vulnerabilities in any website you visit, so if, for instance, you are visiting a friend's website, you need either to add it to the exclusions list or to turn the plugin off. All this aside, I feel that this is a fairly useful plugin for quickly assessing a website for basic XSS flaws. It fuzzes GET and POST forms and also looks for PHP_SELF bugs in form actions. I even found XSS bugs in some of the websites I used for JavaScript reference while writing the plugin! I hope you like it, and if you have any questions or comments, feel free to let me know.
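
Here is the core of the two checks described above, as an added example and not the fuzzer's own code: how a reflected marker is classified after a form is fuzzed, and how form actions are inspected for PHP_SELF-style path reflection. The canary value, the function names and the sample HTML responses are constructed for this example; the regex-over-HTML approach is deliberately the approximate one the post warns about.

```javascript
// Added example, not the plugin's code: the post's two checks as functions
// over a fetched page's HTML. Canary, names and samples are constructed.
const CANARY = "zq7xkq"; // marker unlikely to occur naturally
// Escape regex metacharacters so the canary can be embedded in a pattern.
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// After "<" + CANARY was submitted in a field, classify how it came back:
// "raw" ('<' survived, a candidate), "escaped" ('<' HTML-encoded),
// "stripped" (marker present, '<' removed) or "none" (not reflected).
function classifyReflection(html, canary = CANARY) {
  const c = escapeRe(canary);
  if (new RegExp("<" + c).test(html)) return "raw";
  if (new RegExp("(&lt;|&#0*60;|&#x0*3c;)" + c, "i").test(html)) return "escaped";
  if (new RegExp(c).test(html)) return "stripped";
  return "none";
}

// PHP_SELF check: the page was requested with "<" + CANARY appended to the
// URL path; return every form action that echoes the marker (path-derived).
function formActionsWithCanary(html, canary = CANARY) {
  const found = [];
  const formTag = /<form\b[^>]*>/gi;
  let m;
  while ((m = formTag.exec(html)) !== null) {
    const a = /\baction\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[0]);
    const value = a ? (a[1] ?? a[2] ?? a[3]) : "";
    if (value.includes(canary)) found.push(value);
  }
  return found;
}

// A PHP_SELF bug needs both: a path-derived action and raw '<' inside it.
function assess(html, canary = CANARY) {
  const actions = formActionsWithCanary(html, canary);
  return {
    reflection: classifyReflection(html, canary),
    pathDerivedActions: actions,
    phpSelfCandidate: actions.some((a) => a.includes("<" + canary)),
  };
}
// Constructed responses standing in for what a server might return.
const SAMPLES = {
  raw: '<form action="/login.php/<zq7xkq"><input name="u" value="<zq7xkq"></form>',
  escaped: '<form action="/login.php/&lt;zq7xkq"><input name="u" value="&lt;zq7xkq"></form>',
  stripped: '<form action="/login.php"><input name="u" value="zq7xkq"></form>',
  none: '<form action="/login.php"><input name="u" value=""></form>',
};
```

The same classification tells a site owner whether output encoding is actually applied in each place their input is echoed, which is the fix for every finding the fuzzer would report.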

3 Responses

  1. Katalyst Says:

    How about you add my GUI?

    I love the internet.

    http://answers.yahoo.com/question/index?qid=20070904064911AA7lbl4

  2. Katalyst Says:

    Awaiting moderation? FUCK YOU.

  3. admin Says:

    SINNERS! FORNICATORS! BLASPHEMERS!