Abstract |
---|
Fuzz testing consists of automatically generating and sending malicious inputs to an application in the hope of triggering a vulnerability. Fuzzing raises questions such as: Where to fuzz? Which parameter to fuzz? Where to observe its effects? In this paper, we specifically address the questions: How to fuzz a parameter? How to observe its effects? To address these questions, we propose KameleonFuzz, a black-box Cross Site Scripting (XSS) fuzzer for web applications. KameleonFuzz can not only generate malicious inputs to exploit XSS, but also detect how close it is to revealing a vulnerability. The generation and evolution of malicious inputs is achieved with a genetic algorithm, guided by an attack grammar. A double taint inference, up to the browser parse tree, makes it possible to detect precisely whether an exploitation attempt succeeded. Our evaluation demonstrates no false positives and high XSS revealing capabilities: KameleonFuzz detects several vulnerabilities missed by other black-box scanners. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1145/2557547.2557550 | CODASPY |

Keywords | Field | DocType |
---|---|---|
black-box xss detection, browser parse tree, double taint inference, evolutionary fuzzing, malicious inputs generation, malicious input, attack grammar, high xss revealing capability, fuzz testing, black-box cross site scripting, black-box scanner, exploitation attempt, evolutionary algorithm, fuzzing, cross site scripting | Black box (phreaking), Data mining, Parse tree, Fuzz testing, Computer security, Computer science, Exploit, Cross-site scripting, Web application, Genetic algorithm, False positive paradox | Conference |

Citations | PageRank | References |
---|---|---|
20 | 0.80 | 17 |

Authors |
---|
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Fabien Duchene | 1 | 402 | 19.73 |
Sanjay Rawat | 2 | 146 | 10.59 |
Jean-Luc Richier | 3 | 359 | 45.60 |
Roland Groz | 4 | 496 | 50.60 |