KameleonFuzz: evolutionary fuzzing for black-box XSS detection

F. Duchene, Sanjay Rawat, J. Richier, Roland Groz
Published in: CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy, volume 7 1, pages 37-48
Publication date: 2014-03-03
DOI: 10.1145/2557547.2557550 (https://doi.org/10.1145/2557547.2557550)
Citations: 94

Abstract

Fuzz testing consists of automatically generating and sending malicious inputs to an application in the hope of triggering a vulnerability. Fuzzing entails such questions as: Where to fuzz? Which parameter to fuzz? Where to observe its effects? In this paper, we specifically address the questions: How to fuzz a parameter? How to observe its effects? To address these questions, we propose KameleonFuzz, a black-box Cross Site Scripting (XSS) fuzzer for web applications. KameleonFuzz can not only generate malicious inputs to exploit XSS, but also detect how close it is to revealing a vulnerability. The generation and evolution of malicious inputs are achieved with a genetic algorithm, guided by an attack grammar. A double taint inference, up to the browser parse tree, makes it possible to detect precisely whether an exploitation attempt succeeded. Our evaluation demonstrates no false positives and high XSS revealing capabilities: KameleonFuzz detects several vulnerabilities missed by other black-box scanners.