Landing XSS Inject
XSS Inject is the latest tools to be made available online. The tool, as it stands at the moment, allows you to quickly fuzz the provided request with various XSS payloads. The idea behind the tool is to enable you to do further semi-automated testing on specific parts of the target application which exhibit xss-like behaviour. Unlike traditional fuzzers, XSS inject will not only detect when an injection occurs but also tell you about any other bugs which may occur as a side-effect of the testing.
You start the tool by providing a request for fuzzing - it can be any kind of request. When you click on the start button the test will be on its way and you will notice requests generated in the transactions view on the right-side of the window.
The test progress and identified issues will be generated in the report view placed at the centre of the window.
As you can see, it is relatively straightforward.
We are still polishing bugs but the tool is already useful. We are also looking at various databases in order to augment the signature list and improve the test quality. We recon we can complete the tool by the end of next week but it is already readily available to subscribed customers. Customers who are currently using the trial period can also use the tool immediately.