DEV Community

Aaron Esau
Aaron Esau

Posted on

Meissner Lop :: Reliable XSS Exploit Fuzzer

#octograd2020

Project: Meissner Lop

Meissner Lop is a multithreaded dictionary/mutation-based CLI XSS exploit fuzzer capable of automatically identifying filter bypasses and injection contexts.

Demo

demo

Link to Code

GitHub logo Arinerron / meissner

Meissner Lop - Dictionary-based fuzzer for mutation XSS

About

Meissner Lop is a dictionary-based exploit fuzzer for mutation XSS.

xss

Installation

Automatic

pip3 install meissner

Manual

git clone https://github.com/arinerron/meissner.git
cd meissner
sudo ./setup.py install

Usage

usage: meissner [-h] [--no-ansi] [--log-level LOG_LEVEL] [--url URL] [--dictionary DICTIONARY] [--threads THREADS] [--filter FILTER] [--engine ENGINE] [cmd [cmd ...]]
Meissner Lop - Dictionary-based fuzzer for mutation XSS
positional arguments
  cmd                   the command to execute, where {xss} is the injection point

optional arguments:
  -h, --help            show this help message and exit
  --no-ansi, -c         disable ANSI coloring on all output
  --log-level LOG_LEVEL, -v LOG_LEVEL
                        set logging level
  --url URL, --uri URL, -u URL
                        use a URL harness, where {xss} is the injection point
  --dictionary DICTIONARY, --dict DICTIONARY, -d DICTIONARY
                        the Meissner mutation dictionary to use
  --threads THREADS, --threads-count THREADS, -t THREADS
                        the number of threads allocated to use for engines
  --filter FILTER, -f FILTER
                        pass the input through a filter before the program
  --engine ENGINE, --browser
View on GitHub

How I built it

Basically, it has three main components:

  • the CLI. It handles HTTP requests and raw binaries/commands by abstracting the input through "harnesses".
  • the XSS verification engines (selenium, etc). It actually verifies whether or not the alert() dialog will pop, which is cool.
  • the mutator / payload generator. This part needs the most work.

Honestly the project still has a lot of work to do. There's not really a way to "prioritize" interesting XSS cases, so all we can do is identify the filters and context, then bash it.

Hm, the template for this post asks for my stack:

Additional Thoughts

i use arch btw

Top comments (0)

Read next

viistorrr profile image

🎨La Digitalización del Arte

viistorrr -

orololuwa profile image

Setting up a Database Driver, Repository and Implementation of a transaction function for your Go App

Orololuwa -

dariusc16 profile image

Squlite

Darius Cooper -

tiuwill profile image

From Bugs to Brilliance: Enhancing Code Reliability Through Mutation Testing

Willian Ferreira Moya -