计算机应用 ›› 2021, Vol. 41 ›› Issue (9): 2594-2601.DOI: 10.11772/j.issn.1001-9081.2020111770

所属专题: 网络空间安全

• 网络空间安全 • 上一篇    下一篇

基于模糊测试的反射型跨站脚本漏洞检测

倪萍, 陈伟   

  1. 南京邮电大学 计算机学院, 南京 210023
  • 收稿日期:2020-11-13 修回日期:2021-01-13 出版日期:2021-09-10 发布日期:2021-05-08
  • 通讯作者: 陈伟
  • 作者简介:倪萍(1995-),女,江苏南通人,硕士研究生,主要研究方向:Web安全;陈伟(1979-),男,江苏淮安人,教授,博士,CCF会员,主要研究方向:僵尸网络、无线通信网安全。
  • 基金资助:
    国家重点研发计划项目(2019YFB2101704)。

Reflective cross-site scripting vulnerability detection based on fuzzing test

NI Ping, CHEN Wei   

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210023, China
  • Received:2020-11-13 Revised:2021-01-13 Online:2021-09-10 Published:2021-05-08
  • Supported by:
    This work is partially supported by the National Key Research and Development Program of China (2019YFB2101704)

摘要: 针对目前现代万维网(WWW)应用程序中跨站脚本(XSS)漏洞检测技术存在的效率低,以及漏报率、误报率高等问题,提出了一个基于模糊测试的反射型XSS漏洞检测系统。首先,通过网络爬虫技术爬取整站指定深度的网页链接并对其进行分析,从而提取出潜在的用户注入点;其次,根据攻击载荷的语法形式构造模糊测试用例,并为每个元素设置初始权重,依据注入探子向量来获取输出点类型,从而选择对应的攻击语法模式来构造较有潜力的攻击载荷,并对其进行变异操作以形成变异攻击载荷来作为请求参数;然后,对网站响应进行分析,并调整元素的权重,以便生成更加高效的攻击载荷;最后,将该系统与ZAP、Wapiti系统做横向对比。实验结果表明,所提系统能够发现的潜在用户注入点数提升了12.5%,漏洞误报率下降至0.37%,漏报率低于2.23%;同时减少了请求次数,节约了检测时间。

关键词: 跨站脚本漏洞检测, 爬虫, 模糊测试, 探子向量, 攻击载荷, 权重调整

Abstract: In view of the low efficiency, high false negative rate and high false positive rate of Cross-Site Scripting (XSS) vulnerability detection technology in current World Wide Web (WWW) applications, a reflective XSS vulnerability detection system based on fuzzing test was proposed. First, the Web crawler technology was used to crawl the Web page links with specified depth in the whole website and analyze them, so as to extract the potential user injection points. Secondly, a fuzzing test case was constructed according to the grammatical form of the attack payload, and an initial weights was set for each element, according to the injected probe vector, the output point type was obtained to select the corresponding attack grammatical form for constructing potential attack payload, and it was mutated to form a mutated attack payload as the request parameter. Thirdly, the website response was analyzed and the weights of the elements were adjusted to generate a more efficient attack payload. Finally, this proposed system was compared horizontally with OWASP Zed Attack Proxy (ZAP) and Wapiti systems. Experimental results show that the number of potential user injection points found by the proposed system is increased by more than 12.5%, the false positive rate of the system is dropped to 0.37%, and the false negative rate of the system is lower than 2.23%. At the same time, this system reduces the number of requests and saves the detection time.

Key words: Cross-Site Scripting (XSS) vulnerability detection, crawler, fuzzing test, probe vector, attack payload, weight adjustment

中图分类号: