KameleonFuzz: Evolutionary Fuzzing for Black-Box XSS Detection

Abstract: We present a black-box smart fuzzing approach to detect cross-site scripting (XSS) vulnerabilities in web applications. The smartness comes from two components: model inference and automated malicious input generation. The former is implemented as a state-aware crawler which models the application as an automaton. The second component, evolutionary fuzzing, uses a genetic algorithm (GA). To limit its search space, we introduce an Attack Grammar that mimics attackers by generating malicious inputs. XSS vulnerabilities are characterized by a relationship between tainted input and the output of the web application. In black-box testing, precisely capturing this relationship is a non-trivial task, which we solve using taint inference techniques. By doing so, we focus only on the transitions in which this relationship holds and thereby avoid fuzzing the whole system. The GA automates the process of generating inputs by considering the states of the application and evolving the inputs to trigger XSS, if any. Empirical evaluation shows that our fuzzer detects vulnerabilities missed by other black-box scanners.
Document type: Conference paper
Fourth ACM Conference on Data and Application Security and Privacy (CODASPY 2014), 2014, Unknown, ACM, pp. 37-48, 2014, 〈10.1145/2557547.2557550〉

https://hal.inria.fr/hal-00976132
Contributor: Catherine Oriat <>
Submitted on: Wednesday 9 April 2014 - 16:40:07
Last modified on: Thursday 11 October 2018 - 08:48:04

Citation

Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz. KameleonFuzz: Evolutionary Fuzzing for Black-Box XSS Detection. Fourth ACM Conference on Data and Application Security and Privacy (CODASPY 2014), 2014, Unknown, ACM, pp. 37-48, 2014, 〈10.1145/2557547.2557550〉. 〈hal-00976132〉