-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 17 April 2003 05:53 am, EEshwar wrote:
> Hi,
>
> We are developing a tool in PERL to analyze vulnerabilities like Cross-
> site scripting etc. in web applications. This tool submits requests to a
> web application, receives the response, fills up some of the form
> parameters with XSS vulnerable strings and submits a request back to the
> application. We are able to this without any problem. However if the
> received response contains some javascript code meant to be executed in a
> browser (for dynamically setting the values of parameters to be posted
> etc.), we are unable to do a complete analysis. Do we have any modules in
> PERL or any way to solve this problem?
I don't know of any Perl JS interpreters (but then I avoid Perl whenever
possible).
As an alternative, the Mozilla project provides 2 stand-alone JavaScript
interpreters:
http://www.mozilla.org/rhino/
http://www.mozilla.org/js/spidermonkey/
It might be possible to call or use one of these to assist in interpreting
JS from Perl, however I think you're going to have some issues in providing
a DOM for scripts to access.
HTH
- --
Alex Russell
alex_at_netWindows.org
alex_at_SecurePipe.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+nW6PoV0dQ6uSmkYRAmS4AKCvyyB7n1X+CYkPCTQVeDUpNM8xMwCg1aSI
qRB2Tb+H+D35szG+Us/MysQ=
=/r1Q
-----END PGP SIGNATURE-----
Received on Apr 17 2003
Intro
