WebApp Sec mailing list archives

Re: Execution of Javascript from PERL

From: Alex Russell <alex () netWindows org>
Date: Wed, 16 Apr 2003 09:53:53 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 17 April 2003 05:53 am, EEshwar wrote:

Hi,

We are developing a tool in PERL to analyze vulnerabilities like Cross-
site scripting etc. in web applications. This tool submits requests to a
web application, receives the response, fills up some of the form
parameters with XSS vulnerable strings and submits a request back to the
application. We are able to this without any problem. However if the
received response contains some javascript code meant to be executed in a
browser (for dynamically setting the values of parameters to be posted
etc.), we are unable to do a complete analysis. Do we have any modules in
PERL or any way to solve this problem?


I don't know of any Perl JS interpreters (but then I avoid Perl whenever 
possible).

As an alternative, the Mozilla project provides 2 stand-alone JavaScript 
interpreters:

http://www.mozilla.org/rhino/
http://www.mozilla.org/js/spidermonkey/

It might be possible to call or use one of these to assist in interpreting 
JS from Perl, however I think you're going to have some issues in providing 
a DOM for scripts to access.

HTH

- -- 
Alex Russell
alex () netWindows org
alex () SecurePipe com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+nW6PoV0dQ6uSmkYRAmS4AKCvyyB7n1X+CYkPCTQVeDUpNM8xMwCg1aSI
qRB2Tb+H+D35szG+Us/MysQ=
=/r1Q
-----END PGP SIGNATURE-----

Current thread:

Execution of Javascript from PERL EEshwar (Apr 17)
- Re: Execution of Javascript from PERL Alex Russell (Apr 17)
- <Possible follow-ups>
- RE: Execution of Javascript from PERL Brass, Phil (ISS Atlanta) (Apr 17)
  - Re: Execution of Javascript from PERL Martin Eiszner (Apr 17)