Title
KameleonFuzz: evolutionary fuzzing for black-box XSS detection
Abstract
Fuzz testing consists of automatically generating malicious inputs and sending them to an application in the hope of triggering a vulnerability. Fuzzing raises questions such as: where to fuzz? Which parameter to fuzz? Where to observe the effects? In this paper we specifically address two of them: how to fuzz a parameter, and how to observe its effects. To address these questions we propose KameleonFuzz, a black-box Cross-Site Scripting (XSS) fuzzer for web applications. KameleonFuzz not only generates malicious inputs to exploit XSS, but also detects how close an input is to revealing a vulnerability. Malicious inputs are generated and evolved by a genetic algorithm guided by an attack grammar. A double taint inference, carried up to the browser parse tree, detects precisely whether an exploitation attempt succeeded. Our evaluation shows no false positives and a high XSS-revealing capability: KameleonFuzz detects several vulnerabilities missed by other black-box scanners.
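The two ingredients the abstract names, an attack grammar driving a genetic algorithm and a taint inference carried up to the browser's parse tree, are easier to see in code. The block below is an added, self-contained illustration in Python and is not the KameleonFuzz implementation: the toy target application, the tiny attack grammar, the context scores and the taint marker are all constructed here, and Python's html.parser stands in for the browser. The target escapes angle brackets but not double quotes; each payload carries the marker, the marker is then located in the parse tree of the response, and an input counts as an exploit only when the marker lands in an executable context (an event-handler attribute or a script body), not merely when it is reflected somewhere in the page.

```python
"""Added illustration of the KameleonFuzz idea (not the paper's code): payloads
drawn from an attack grammar are evolved by a genetic algorithm, and success is
judged on the parse tree of the response instead of by string matching.
The target, grammar, scores and taint marker below are all constructed."""
import random
from html.parser import HTMLParser

TAINT = "kf7Taint"  # constructed marker; it travels with every payload into the parse tree


def target(q: str) -> str:
    """Constructed stand-in for the fuzzed web application: it escapes angle
    brackets but forgets double quotes, so the value attribute can be broken
    out of.  The input is also reflected into an ordinary text node."""
    q = q.replace("<", "&lt;").replace(">", "&gt;")
    return (f'<html><body><form><input name="q" value="{q}"></form>'
            f'<p>You searched for: {q}</p></body></html>')


class TaintTracker(HTMLParser):
    """Parse-tree taint inference: html.parser stands in for the browser and
    records every tree context in which the marker ends up."""

    def __init__(self):
        super().__init__()
        self.contexts = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if TAINT in tag:
            self.contexts.add("tag_name")
        for name, value in attrs:
            if TAINT in name:
                self.contexts.add("attr_name")
            if value and TAINT in value:
                self.contexts.add("event_handler" if name.startswith("on") else "attr_value")
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if TAINT in data:
            self.contexts.add("script_body" if self._in_script else "text")


def infer_contexts(html: str) -> set:
    tracker = TaintTracker()
    tracker.feed(html)
    tracker.close()
    return tracker.contexts


# Fitness = how far the taint travelled; only the two highest contexts execute script.
SCORE = {"text": 1, "attr_value": 2, "attr_name": 3, "tag_name": 4,
         "event_handler": 5, "script_body": 5}
EXEC_SCORE = 5

# Constructed attack grammar: one alternative is chosen per slot, slots are concatenated.
# "T" in a production is the placeholder for the taint marker.
GRAMMAR = {
    "BREAK":   ["", "'", '"', '">', "</p>"],
    "PAYLOAD": ["alert(T)", "<script>alert(T)</script>",
                "<img src=x onerror=alert(T)>", " onfocus=alert(T) autofocus"],
    "CLOSE":   ["", '"', "//", "<!--"],
}
SLOTS = list(GRAMMAR)


def render(genome: dict) -> str:
    """Expand a genome (one choice index per slot) into a payload carrying the marker."""
    return "".join(GRAMMAR[s][genome[s]] for s in SLOTS).replace("T", TAINT)


def fitness(genome: dict) -> int:
    return max((SCORE[c] for c in infer_contexts(target(render(genome)))), default=0)


def evolve(pop_size: int = 12, generations: int = 30, seed: int = 7):
    """Genetic algorithm over grammar choices.  Returns (best_genome, best_score)."""
    rng = random.Random(seed)

    def random_genome():
        return {s: rng.randrange(len(GRAMMAR[s])) for s in SLOTS}

    def select(pop):  # tournament selection of size two
        a, b = rng.sample(pop, 2)
        return a if fitness(a) >= fitness(b) else b

    pop = [random_genome() for _ in range(pop_size)]
    best = max(pop, key=fitness)
    for _ in range(generations):
        if fitness(best) >= EXEC_SCORE:
            break  # an executable context was reached: stop fuzzing this parameter
        children = []
        for _ in range(pop_size - 1):
            mum, dad = select(pop), select(pop)
            child = {s: (mum if rng.random() < 0.5 else dad)[s] for s in SLOTS}  # uniform crossover
            if rng.random() < 0.5:  # mutation: re-draw one slot from the grammar
                s = rng.choice(SLOTS)
                child[s] = rng.randrange(len(GRAMMAR[s]))
            children.append(child)
        pop = children + [best]  # elitism keeps the best individual
        best = max(pop, key=fitness)
    return best, fitness(best)


if __name__ == "__main__":
    best, score = evolve()
    print(render(best), score, sorted(infer_contexts(target(render(best)))))
```

`evolve()` returns the best genome and its score, and `render(best)` gives the payload. The scores give the algorithm a gradient: a payload that only breaks the quote reaches an attribute name (3), and a mutation of the PAYLOAD slot then lifts it to an event handler (5). Note what a plain string match would get wrong: the `<script>` payload is reflected verbatim in the response, yet the escaping confines it to an attribute value and a text node, so the parse-tree check correctly reports no exploit for it.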
Year
2014
DOI
10.1145/2557547.2557550
Venue
CODASPY
Keywords
black-box xss detection,browser parse tree,double taint inference,evolutionary fuzzing,malicious inputs generation,malicious input,attack grammar,high xss revealing capability,fuzz testing,black-box cross site scripting,black-box scanner,exploitation attempt,evolutionary algorithm,fuzzing,cross site scripting
Field
Black box (phreaking),Data mining,Parse tree,Fuzz testing,Computer security,Computer science,Exploit,Cross-site scripting,Web application,Genetic algorithm,False positive paradox
DocType
Conference
Citations
20
PageRank
0.80
References
17
Authors
4
Name                Order  Citations  PageRank
Fabien Duchene      1      402        19.73
Sanjay Rawat        2      146        10.59
Jean-Luc Richier    3      359        45.60
Roland Groz         4      496        50.60