KameleonFuzz: evolutionary fuzzing for black-box XSS detection

Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

Abstract

Fuzz testing consists of automatically generating and sending malicious inputs to an application in the hope of triggering a vulnerability. Fuzzing raises questions such as: Where to fuzz? Which parameter to fuzz? Where to observe its effects?
In this paper, we specifically address the questions: How to fuzz a parameter? How to observe its effects? To address these questions, we propose KameleonFuzz, a black-box Cross Site Scripting (XSS) fuzzer for web applications. KameleonFuzz can not only generate malicious inputs to exploit XSS, but also detect how close it is to revealing a vulnerability. The generation and evolution of malicious inputs is achieved with a genetic algorithm, guided by an attack grammar. A double taint inference, carried up to the browser parse tree, makes it possible to detect precisely whether an exploitation attempt succeeded.

Our evaluation demonstrates no false positives and high XSS revealing capabilities: KameleonFuzz detects several vulnerabilities missed by other black-box scanners.
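The parse-tree taint check sketched in the abstract, as an added Python illustration that is not the paper's implementation: a unique marker stands in for the fuzzed parameter value, the server's response is parsed, and the context the marker lands in (text node, attribute, tag name, script body) is recorded, so a reflection that crosses out of its intended context is flagged. The marker, the sample responses and the function names are constructed for this example.

```python
from html.parser import HTMLParser

MARKER = "kfz7q"  # constructed taint marker standing in for the fuzzed parameter value


class TaintContextParser(HTMLParser):
    """Records every parse-tree context in which the taint marker is reflected."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode &lt; etc. so encoded text stays text
        self.hits = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if MARKER in tag:
            self.hits.append(("tag_name", tag))
        for name, value in attrs:
            if MARKER in name:
                self.hits.append(("attr_name", name))
            elif value is not None and MARKER in value:
                self.hits.append(("attr_value", f"{name}={value}"))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if MARKER in data:
            ctx = "script_body" if self._in_script else "text"
            self.hits.append((ctx, data.strip()))


def reflection_contexts(html):
    """Parse a response and return [(context, fragment), ...] for each reflection of the marker."""
    parser = TaintContextParser()
    parser.feed(html)
    parser.close()
    return parser.hits


def escaped_context(html, intended="text"):
    """True when the marker lands in any parse-tree context other than the one the sink intended."""
    return any(ctx != intended for ctx, _ in reflection_contexts(html))


if __name__ == "__main__":
    # Constructed responses: the first encodes the reflected value, the second does not.
    safe = "<p>Hello &lt;b&gt;kfz7q&lt;/b&gt;</p>"
    leaky = '<p>Hello</p><script>var q = "kfz7q";</script>'
    print(reflection_contexts(safe), escaped_context(safe))    # text only -> False
    print(reflection_contexts(leaky), escaped_context(leaky))  # script_body -> True
```

A real fuzzer would drive this from the browser's own DOM rather than a server-side parser, since the browser's error recovery is what decides the final tree.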
Original language: English
Title of host publication: Proceedings of the 4th ACM Conference on Data and application security and privacy
Publisher: Association for Computing Machinery (ACM)
Pages: 37-48
Number of pages: 12
ISBN (Print): 9781450322782
DOIs:
Publication status: Published - 1 Mar 2014
Event: CODASPY Data and Application Security and Privacy, 4th ACM Conference 2014 - San Antonio, Texas, United States
Duration: 1 Mar 2014 → …

Conference

Conference: CODASPY Data and Application Security and Privacy, 4th ACM Conference 2014
Country: United States
City: Texas
Period: 1/03/14 → …
