Research On The Detection Technology Of DOM-XSS Based On Dynamic Taint-tracking

Posted on: 2017-04-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y Ren
Full Text: PDF
GTID: 2348330515464185
Subject: Computer technology
Abstract/Summary:
As one of the most frequently used attack methods in the web application security field, Cross-Site Scripting (XSS) has attracted wide attention. The DOM based XSS vulnerability is a kind of XSS based on the Document Object Model (DOM), also called the third type of XSS. DOM based XSS has two features: first, the malicious scripts of DOM based XSS do not appear in the HTTP response; second, the whole attack procedure of DOM based XSS happens at the client side. Therefore, the traditional detection methods for reflected XSS and stored XSS are not applicable to DOM based XSS. Research on DOM based XSS is still weak and naïve. Most researchers concentrate on three detection methods: black-box fuzzing, static analysis, and dynamic analysis. However, black-box fuzzing and static analysis suffer from a high false negative rate and a high false positive rate respectively. Dynamic analysis is complex and expensive to design and implement, though it can achieve reasonable results. This thesis proposes a method to detect DOM based XSS by using dynamic taint-tracking at the client side. We create new data types and methods for the tainting process in the client which cover all JavaScript features and DOM APIs. Furthermore, during the parsing of pages, our detection method taints all sources, sinks and intermediate processes so that we can analyze the tainted traces. Based on the analysis of the tainted traces, we determine attack vectors to verify the vulnerability automatically. We implemented our detection method by modifying the WebCore and JavaScriptCore engines, and built a prototype detection system which consists of the URL crawler module, the task scheduling module, the verification module, the detecting module and the UI module. The experimental results show that our method is more effective than traditional methods.
Keywords/Search Tags: Cross-Site Scripting, DOM, Dynamic Taint-tracking, WebKit