WebApp Sec mailing list archives
Re: Execution of Javascript from PERL
From: Alex Russell <alex () netWindows org>
Date: Wed, 16 Apr 2003 09:53:53 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 17 April 2003 05:53 am, EEshwar wrote:
Hi, We are developing a tool in PERL to analyze vulnerabilities like Cross- site scripting etc. in web applications. This tool submits requests to a web application, receives the response, fills up some of the form parameters with XSS vulnerable strings and submits a request back to the application. We are able to this without any problem. However if the received response contains some javascript code meant to be executed in a browser (for dynamically setting the values of parameters to be posted etc.), we are unable to do a complete analysis. Do we have any modules in PERL or any way to solve this problem?
I don't know of any Perl JS interpreters (but then I avoid Perl whenever possible). As an alternative, the Mozilla project provides 2 stand-alone JavaScript interpreters: http://www.mozilla.org/rhino/ http://www.mozilla.org/js/spidermonkey/ It might be possible to call or use one of these to assist in interpreting JS from Perl, however I think you're going to have some issues in providing a DOM for scripts to access. HTH - -- Alex Russell alex () netWindows org alex () SecurePipe com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+nW6PoV0dQ6uSmkYRAmS4AKCvyyB7n1X+CYkPCTQVeDUpNM8xMwCg1aSI qRB2Tb+H+D35szG+Us/MysQ= =/r1Q -----END PGP SIGNATURE-----
Current thread:
- Execution of Javascript from PERL EEshwar (Apr 17)
- Re: Execution of Javascript from PERL Alex Russell (Apr 17)
- <Possible follow-ups>
- RE: Execution of Javascript from PERL Brass, Phil (ISS Atlanta) (Apr 17)
- Re: Execution of Javascript from PERL Martin Eiszner (Apr 17)