A Crawler-Based Vulnerability Detection Method for Cross-Site Scripting Attacks

Abstract

Cross-site scripting attacks, as a means of attack against Web applications, are widely used in phishing, information theft and other fields by unscrupulous people because of their wide targeting and hidden implementation methods. Nevertheless, cross-site scripting vulnerability detection is still in its infancy, with plenty of challenges not yet fully explored. In this paper, we propose Crawler-based Cross Site Scripting Detector, a tool based on crawler technology that can effectively detect stored Cross Site Scripting vulnerabilities and reflected Cross Site Scripting vulnerabilities. Subsequently, in order to verify the effectiveness of the tool, we experim ented this tool with existing tools such as XSSer and Burp Suite by selecting 100 vulnerable websites for the tool's efficiency, false alarm rate and underreporting rate. The results show that our tool can effectively detect Cross Site Scripting vulnerabilities.