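Authors: WANG Dan; LIU Lijia; LIN Jiuchuan [2]; ZHAO Wenbing; DU Xiaolin (Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China; Key Lab of Information Network Security of Ministry of Public Security, The Third Research Institute of Ministry of Public Security, Shanghai 200031, China)
Affiliations: [1] Faculty of Information Technology, Beijing University of Technology, Beijing 100124; [2] Key Lab of Information Network Security of Ministry of Public Security, The Third Research Institute of Ministry of Public Security, Shanghai 200031
Source: Journal of Beijing University of Technology (《北京工业大学学报》), 2018, No. 9, pp. 1208-1216 (9 pages)
Funding: Beijing Natural Science Foundation (4173072); Open Project of the Key Lab of Information Network Security of Ministry of Public Security (C17613)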
Abstract: To improve the scanning coverage of hidden injection points in cross site scripting (XSS) vulnerability detection and to determine effectively whether an XSS vulnerability exists, a method is proposed that constructs a document object model (DOM) state transition graph of the Web application and searches for XSS injection points while the graph is being built. The method models the Web application with DOM states as nodes and browser events as edges, and combines page analysis with proxy technology to identify injection points, including hidden ones, and to improve the accuracy of injection point identification. First, URLs (uniform resource locators) with parameters and Form elements in the page are analyzed, and the browser events of page elements are triggered to detect whether they issue data requests, which determines whether the page has suspected injection points. Each suspected injection point is then tested with a probe vector, and the injection point is classified and saved according to the position at which the probe vector appears in the output. Next, attack vectors with a higher success rate are designed by transforming the XSS Filter Evasion Cheat Sheet using mutation operations and filter evasion techniques, and they are used to test the discovered injection points. Attack vectors, injection points and injection results are classified by response position, and different analysis methods are designed for the different response results to decide whether an XSS vulnerability exists. Finally, an XSS vulnerability detection system based on this method was designed and implemented, and comparative experiments verified its effectiveness.
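Keywords: cross site scripting (XSS) vulnerability; document object model (DOM); state transition graph; crawler; Selenium
Classification number: TP308 [Automation and Computer Technology: Computer System Architecture]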