Question

I am trying to develop a small automated tool in Python that can check the form inputs of a web application for XSS vulnerabilities. I hope to do this using the Python mechanize library, so that I can automate form filling and submission and get the response from Python code. Though mechanize also works as a browser, is there a way to detect a browser alert message for an input containing a script? Or else, is there any other Python library with which I can perform this functionality? Any sample code would be a great favor.

PS : I am trying to develop this so that I can find them in an application we are developing and include them in a report and NOT for Hacking purpose.

Thank you.


Solution

Answering my own question. A browser showing an alert message simply means that the node we injected has been inserted into the DOM. By simply looking for the string that I injected in the response body, I could determine whether the given input is reflected by the application without proper sanitization.
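The check described in the answer, as an added example that is not part of the original post: instead of a script payload it submits a harmless, unique canary containing angle brackets, then classifies each field as reflected unescaped (the brackets reach the page intact), reflected escaped (HTML-encoded, so it cannot become a tag), or absent. It uses only the standard library rather than mechanize; `fake_app` is a constructed stand-in for the application under test, and `http_submitter` assumes a plain POST form on an instance you own.

```python
import html
import urllib.parse
import urllib.request
import uuid
from typing import Callable, Dict


def make_canary() -> str:
    """Unique, tag-shaped but non-executable marker, e.g. '<zz3f9a1c2bcanary>'."""
    return f"<zz{uuid.uuid4().hex[:8]}canary>"


def classify_reflection(body: str, canary: str) -> str:
    """Return 'unescaped', 'escaped' or 'absent' for one response body."""
    if canary in body:
        return "unescaped"                      # angle brackets reached the page intact
    if html.escape(canary, quote=False) in body:
        return "escaped"                        # reflected as &lt;...&gt;: encoded, not injectable as markup
    return "absent"


def scan_form(submit: Callable[[Dict[str, str]], str],
              fields: Dict[str, str]) -> Dict[str, str]:
    """Put the canary in one field at a time (other fields keep baseline values)
    and classify how each field comes back in the response."""
    results = {}
    for name in fields:
        canary = make_canary()
        data = dict(fields)
        data[name] = canary
        results[name] = classify_reflection(submit(data), canary)
    return results


def http_submitter(url: str) -> Callable[[Dict[str, str]], str]:
    """Build a submit() that POSTs urlencoded form data to url (assumption: a
    plain form on your own test instance, no CSRF token or login needed)."""
    def submit(data: Dict[str, str]) -> str:
        body = urllib.parse.urlencode(data).encode()
        with urllib.request.urlopen(url, data=body, timeout=10) as resp:
            charset = resp.headers.get_content_charset() or "utf-8"
            return resp.read().decode(charset, errors="replace")
    return submit


def fake_app(data: Dict[str, str]) -> str:
    """Constructed stand-in for the application: 'name' is echoed raw (the flaw
    we want the scanner to flag), 'comment' is HTML-escaped, 'email' is not shown."""
    return (f"<p>Hello {data['name']}</p>"
            f"<p>{html.escape(data['comment'])}</p>")


if __name__ == "__main__":
    baseline = {"name": "alice", "comment": "hi", "email": "a@example.invalid"}
    for field, verdict in scan_form(fake_app, baseline).items():
        print(f"{field}: {verdict}")
    # To run against a real test instance instead:
    # scan_form(http_submitter("http://localhost:8000/submit"), baseline)
```

The canary approach finds reflection without needing a JavaScript engine, which is all the original answer relies on; it says nothing about where in the page the value landed (an attribute or a script block needs different characters to break out), so treat an "unescaped" verdict as a finding to review in context, not as a confirmed exploit.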

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow