|
WebApp Sec
mailing list archives
Re: Execution of Javascript from PERL
From: Alex Russell <alex () netWindows org>
Date: Wed, 16 Apr 2003 09:53:53 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 17 April 2003 05:53 am, EEshwar wrote:
Hi,
We are developing a tool in PERL to analyze vulnerabilities like Cross-
site scripting etc. in web applications. This tool submits requests to a
web application, receives the response, fills up some of the form
parameters with XSS vulnerable strings and submits a request back to the
application. We are able to this without any problem. However if the
received response contains some javascript code meant to be executed in a
browser (for dynamically setting the values of parameters to be posted
etc.), we are unable to do a complete analysis. Do we have any modules in
PERL or any way to solve this problem?
I don't know of any Perl JS interpreters (but then I avoid Perl whenever
possible).
As an alternative, the Mozilla project provides 2 stand-alone JavaScript
interpreters:
http://www.mozilla.org/rhino/
http://www.mozilla.org/js/spidermonkey/
It might be possible to call or use one of these to assist in interpreting
JS from Perl, however I think you're going to have some issues in providing
a DOM for scripts to access.
HTH
- --
Alex Russell
alex () netWindows org
alex () SecurePipe com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+nW6PoV0dQ6uSmkYRAmS4AKCvyyB7n1X+CYkPCTQVeDUpNM8xMwCg1aSI
qRB2Tb+H+D35szG+Us/MysQ=
=/r1Q
-----END PGP SIGNATURE-----
 By Date 
By Thread
Current thread:
| 
Intro
