Automatic XSS Exploit Generation Using Grammatical Evolution

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

Moghaddasi A.; BAGHERI M.

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: JOURNAL OF ELECTRONIC AND CYBER DEFENCE Year:2021 | Volume:9 | Issue:2 Page(s): 101-119

Download Full-Text

Persian Verion

View:

Download:

Cites:

Information Journal Paper

Title

Automatic XSS Exploit Generation Using Grammatical Evolution

Author(s)

Moghaddasi A. | BAGHERI M. | Issue Writer Certificate

Keywords

VulnerabilityQ4

ExploitationQ4

Cross Site Scripting (XSS)Q4

Grammatical EvolutionQ4

Fuzzer Fuzz testingQ4

Abstract

Fuzzers can reveal vulnerabilities in the software by generating test input data and feeding inputs to software under test. The approach of grammar-based fuzzers is to search in the domain of test data which can be generated by grammar in order to find an attack vector with the ability to exploit the Vulnerability. The challenge of fuzzers is a very large or infinite search domain and finding the answer in this domain is a hard problem. Grammatical Evolution(GE) is one of the evolutionary algorithms that can utilize grammar to solve the search problem. In this research, a new approach for generation of fuzz test input data by using Grammatical Evolution is introduced to exploit the cross-site scripting vulnerabilities. For this purpose, a grammar for generating of XSS attack vectors is presented and a fitness calculation function is proposed to guide the GE in search for Exploitation. This method has realized the automatic Exploitation of Vulnerability with black-box approach. In the results of this research, 19% improvement achieved in the number of vulnerabilities discovered compared to the white-box method of NAVEX and black-box ZAP tool, and without any false positives.

Cites

No record.

References

No record.

Cite

Related Journal Papers

No record.

Related Seminar Papers

No record.

Related Plans

No record.

Recommended Workshops