Authors: 郭晓军 (GUO Xiaojun) [1,2]; 闫宇辰 (YAN Yuchen); 吴志浩 (WU Zhihao)
Affiliations: [1] School of Information Engineering, Xizang Minzu University, Xianyang 712082, Shaanxi, China; [2] Key Laboratory of Optical Information Processing and Visualization Technology of Tibet Autonomous Region, Xizang Minzu University, Xianyang 712082, Shaanxi, China
Source: 《实验室研究与探索》 (Research and Exploration in Laboratory), 2022, No. 10, pp. 49-53 (5 pages)
Funding: Natural Science Foundation of Tibet Autonomous Region (XZ2019ZRG-36(Z)); Xizang Minzu University projects (324011810216, 324042000709).
Abstract: To address the low detection efficiency and high false alarm rate of reflected XSS detection in Web applications, a reflected XSS vulnerability identification model based on AST analysis and fuzzing is proposed. A probe payload is sent in a request to the target Web page, and the result of parsing the AST (abstract syntax tree) is used to make a preliminary judgment on whether the page may contain a reflected XSS vulnerability. The suspicious XSS injection points in the page are then confirmed from the position where the probe payload is echoed, and the corresponding escape technique and escape behavior are selected to generate the initial attack payload. The initial attack payload is combined with a bypass rule library to generate an attack vector library, which is used to fuzz the suspicious injection points and confirm whether a reflected XSS vulnerability exists. Experimental results show that, compared with Burp Suite and AWVS in the same vulnerability environment, the model needs fewer requests on average during detection. It achieves high detection efficiency while keeping a low false alarm rate.
Keywords: vulnerability detection; reflected XSS vulnerability; AST analysis; fuzzing; attack payload
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]