I was reading SEO Black Hat during my lunch break, and it pointed me to RSnake's article on using GreaseMonkey to sniff out XSS attack vulnerabilities.  Since I'm a white hat SEO, I'll pretend I'm only interested in this stuff to the extent of attack prevention, so I added a few things to his proof of concept to make it more usable for that purpose (or any purpose, really).

First, we create a script that uses the last code snippet I posted here, the one that parses the response code out of an HTTP response (LinkChecker.php), located here.

<?php
require_once 'LinkChecker.php';  // the link-checker class from the earlier post, assumed to sit next to this file

// Fetch the headers of the URL the userscript passed in and pull out the status code
$header_result = LinkChecker::getHeader($_REQUEST['text']);
$code = (int) LinkChecker::parseResponseCode($header_result);
if (!$code) {
    $code = 'UNKNOWN';
}
// Answer with a redirect to an image named after the response code, e.g. HTTP_301.gif
header("Location: http://www.seoegghead.com/HTTP_codes/HTTP_$code.gif");
exit;

We name the file "xss_detect.php". Then we modify RSnake's script with a few small features that make it much more usable casually: next to each suspicious link we insert an image keyed to the target's HTTP response code, with a bright yellow one for a 301. If you see a 301, you know it's an oppor … nerability.

Here is the modified script:

// ==UserScript==
// @name    redirect_seo_egghead
// @namespace    http://www.seoegghead.com/
// @description    Looks for things in the page that look like redirects and reports them - By RSnake, SEO Egghead
// @include    *
// ==/UserScript==

(function() {
  window.addEventListener("load", function(e) {
    for (var i = 0; i < document.links.length; i++) {
      var link = document.links[i];
      // An href that carries a second, possibly %-encoded, "http://" looks like a redirect
      if (link.href.match(/http:\/\/.*http(:|%3A)(\/|%2F)(\/|%2F)/i)) {
        var red_xss = new Image();
        // xss_detect.php replies with a redirect to an image for the target's HTTP response code
        red_xss.src = "http://YOUR_PHP_WEB_SITE_HERE.com/xss_detect.php?text=" + encodeURIComponent(link.href);
        // Show the status image right after the suspicious link
        link.parentNode.insertBefore(red_xss, link.nextSibling);
      }
    }
  }, false);
})();
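The userscript flags any href that contains a second "http://". As an added example (not the post's or RSnake's code), here is a stricter check that goes a step further: it parses each query parameter, decodes it once more to catch double encoding, and reports only parameters whose value is an absolute URL on a different host, which is the off-site redirect pattern the post is hunting. The sample hrefs and hostnames are constructed for the demo.

```javascript
// Added example, not from the original post or RSnake's script.
// Uses the WHATWG URL API, available in browsers and Node.

// The pattern from the userscript, kept here for side-by-side comparison.
const BROAD_PATTERN = /http:\/\/.*http(:|%3A)(\/|%2F)(\/|%2F)/i;

function matchesBroadPattern(href) {
  return BROAD_PATTERN.test(href);
}

// Returns [{href, param, target}] for every query parameter that carries an
// absolute http(s) URL pointing at a host other than the link's own host.
function findRedirectCandidates(hrefs) {
  const findings = [];
  for (const href of hrefs) {
    let link;
    try { link = new URL(href); } catch (e) { continue; } // skip relative or malformed hrefs
    for (const [name, raw] of link.searchParams) {
      // searchParams already decodes one layer; decode again so %253A%252F%252F is seen too
      let value = raw;
      try { value = decodeURIComponent(raw); } catch (e) { /* not valid encoding, keep as-is */ }
      if (!/^https?:\/\//i.test(value)) continue;
      let target;
      try { target = new URL(value); } catch (e) { continue; }
      if (target.host.toLowerCase() !== link.host.toLowerCase()) {
        findings.push({ href, param: name, target: target.href });
      }
    }
  }
  return findings;
}

// Constructed sample hrefs (not taken from the post); the hosts are illustrative.
const SAMPLE_LINKS = [
  "http://example.com/out?url=http%3A%2F%2Fattacker.example%2Fx", // off-site target, encoded once
  "http://example.com/go?u=http://example.com/page",               // same-site: broad pattern fires, this check does not
  "http://example.com/r?to=http%253A%252F%252Fevil.example%252F", // double-encoded: broad pattern misses it
  "http://example.com/r?next=%2Fdashboard",                        // relative path, not an off-site target
  "http://example.com/page",                                       // plain link
];

console.log(findRedirectCandidates(SAMPLE_LINKS));
```

Running it lists the first and third sample links as candidates, while the same-site redirect that the broad pattern also matches is left out.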

Here's one example of a big fat vulnerability:

Here's a link to my site from theirs:

I left this script activated in Greasemonkey, and I will be auditing all my sites this way.
