Ra.2 - Blackbox DOM XSS Scanner Released - Hacking Tools Download Download Hacking Tools at 'Tools Yard': Ra.2 - Blackbox DOM XSS Scanner Released

Ra.2 - Blackbox DOM XSS Scanner Released

Labels:
, , , , ,

Ra.2 - Blackbox DOM-based XSS Scanner is a approach towards finding a solution to the problem of detecting DOM-based Cross-Site Scripting vulnerabilities in Web-Application automatically, effectively and fast.

Ra.2 is basically a lighweight Mozilla Firefox Add-on that uses a very simple yet effective and unique approach to detect most DOM-based XSS vulnerabilities, if not all.

Being a browser-add on it is a session-aware tool which can scan a web-application that requires authentication. Ra.2 uses custom collected list of XSS vectors which has been heavily modified to be compatible with its scanning technology. The add-on also implements basic browser intrumentation to simulate a human interaction to trigger some hard to detect DOM-based XSS conditions.

Features
  • False positive free by design: Vulnerable URLs are saved in DB, if and only if, our payload is executed successfully by the browser. Hence marked exploitable. If isn't false-positive, it's a bug! Report us :-)
  • Large collection of injection vectors, includes “modified” R’Snake’s vectors as well.
  • Supports transforming Unicode characters for testing content aware application.
  • Automatically handles JavaScript obfuscation/compression, as it relies on native interpreter.
  • Fast and light-weight.
  • Pretty easy learning curve. Point-n-Click.


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Posted by Mohit Kumar at Wednesday, October 03, 2012  

The Hacker News - Daily Updates