Answering my own question. A browser giving an alert message simply means that the node is injected into the DOM. By simply looking for the string that I injected in the response body, I could determine whether the given input is reflected through the browser without proper sanitization.
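The check the answer describes, as an added example that is not part of the original post: rather than waiting for an alert, submit a harmless probe and see whether its HTML metacharacters come back unencoded in the response body. The probe format, function names and sample responses are assumptions constructed for illustration; in practice `body` would be the response text read after submitting the form.

```python
import re
import secrets

# Characters that must come back encoded when input is echoed into HTML.
META = "<>\"'"


def make_probe(token=None):
    """Build a harmless probe: unique token + metacharacters + token."""
    token = token or "zq" + secrets.token_hex(4)
    return token, f"{token}{META}{token}"


def surviving_chars(body, token):
    """For each echo of the probe in `body`, list the metacharacters
    that were returned literally (not encoded or stripped)."""
    echo = re.compile(re.escape(token) + "(.*?)" + re.escape(token), re.S)
    return ["".join(c for c in META if c in m.group(1))
            for m in echo.finditer(body)]


def classify(body, token):
    """Return 'not reflected', 'encoded', or 'unencoded: <chars>'."""
    if token not in body:
        return "not reflected"
    raw = "".join(sorted(set("".join(surviving_chars(body, token)))))
    return f"unencoded: {raw}" if raw else "encoded"


# Constructed sample responses (not from a real application).
TOKEN, PROBE = make_probe("zq1a2b3c4d")
SAMPLES = {
    "search": f"<p>Results for {PROBE}</p>",                      # echoed as-is
    "name": "<p>Hello zq1a2b3c4d&lt;&gt;&quot;&#x27;zq1a2b3c4d</p>",  # fully encoded
    "city": "<input value='zq1a2b3c4d&lt;&gt;\"'zq1a2b3c4d'>",     # quotes missed
    "note": "<p>Saved.</p>",                                      # input not echoed
}


def report(samples, token):
    """Map each form field to the verdict for its response body."""
    return {field: classify(body, token) for field, body in samples.items()}


if __name__ == "__main__":
    for field, verdict in report(SAMPLES, TOKEN).items():
        print(f"{field:8} {verdict}")
```

A field reported as `unencoded` is a candidate for the report and still needs its output context reviewed by hand; a partial result such as the `city` sample matters because unencoded quotes are enough to break out of an attribute value.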
Identify Browser alert messages in Mechanize - Python
07-08-2022
Question
I am trying to develop a small automated tool in Python that can check form inputs of a web application for XSS vulnerabilities. I hope to do this using the Python mechanize library so that I can automate form filling and submission and get the response from the Python code. Though mechanize also works as a browser, is there a way to detect a browser alert message for an input containing a script? Or else, is there any other library for Python with which I can perform this functionality? Any sample code would be a great favor.
PS: I am trying to develop this so that I can find them in an application we are developing and include them in a report, and NOT for hacking purposes.
Thank you.
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow