Hello all,
I wanted to share some Codename SCNR scripting kung-fu with you.
This is something you can use post-scan, to exploit/validate your DOM XSS vulnerabilities.
It can get tedious repeating the same steps manually over and over while exploring DOM XSS, but this script will help you automate the boring parts and leave you with all the fun.
It will also allow you to intercept and inspect HTTP traffic from Ruby, in the form of HTTP::Request and HTTP::Response objects.
In addition, you can still also chain Burp or ZAP to further your investigation.
Happy scanning!
- Tasos L.
A story of curiosity, experimentation, development, million euro deal, fraudsters, abandonment and revitalization.
From the inception of the F/OSS Arachni WebAppSec scanner to the opening of Ecsypno’s doors with its flagship product Codename SCNR.