Detecting XSS Vulnerability Based on DOM State Transition

To improve the hidden injection point scanning coverage of cross site scripting(XSS) vulnerability detection and effectively determine whether there is XSS vulnerability attacks, a method was proposed to construct the Web state transition graph of the Web application, and to search the XSS vulnerability injection point during the construction of the graph. The document object model(DOM) state was used as the node, and the browser event as the edge to model the Web application and identify the hidden injection point. In the meanwhile, Web page analysis was combined with agent technology to enhance the judgment accuracy of the injection point. Firstly, the presence of the Web page was analyzed with the reference uniform resource locator(URL) and Form. Then, the Web page's element of the browser event was triggered to detect whether it contained the relevant data request, and to determine whether the Web page had a suspected vulnerability injection point. Thirdly, the suspected injection point was tested by using the probe vector technique. According to the output position of the probe vector, the injection point was classified and saved. In order to effectively determine whether there existed XSS vulnerability attack in the injection point, XSS Filter Evasion Cheat Sheet was transformed based on mutation operation and filtering escape technique. The attack vector with higher success rate was designed and classified according to the different response position. According to the different response location, the attack vector, the injection point and the injection attack result were classified, and different response result methods were designed to analyze whether there was XSS vulnerability. Finally, based on the above method, the XSS vulnerability detection system was designed and implemented, and the experimental comparison was carried out to verify its effectiveness.