DOM-XSS Scanner Checks for Burp Suite

This Burp Suite plugin passively scans for DOM-Based Cross-Site Scripting. It is written completely in Java and takes advantage of the new Burp 1.5.x Extender API.

It uses regular expressions to check for the existence of JavaScript keywords which indicate the presence of DOM-XSS sources and sinks. The regex was inspired by a number of sources, including domxsswiki, this blog post by Euronymous, and StaticBurp, and has been tuned extensively to eliminate false positives.

In addition, it attempts to parse out variables named in sources and match them up to sinks in order to set the confidence:

  • Tentative: Only sources OR sinks found
  • Firm: Sources AND sinks found
  • Certain: Source variables match up to one or more sinks
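The confidence rules above can be sketched as a stand-alone Java class. This is an added example, not the plugin's code: the class and method names are hypothetical, the source and sink keyword lists are short illustrative assumptions rather than the plugin's tuned regexes, and the sample scripts are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DomXssConfidence {
    enum Confidence { NONE, TENTATIVE, FIRM, CERTAIN }

    // Assumption: short illustrative keyword lists, not the plugin's tuned regexes.
    static final String SRC =
        "(?:location\\.(?:hash|search|href)|document\\.(?:URL|referrer|cookie)|window\\.name)";
    static final Pattern SOURCE = Pattern.compile(SRC);
    // A sink keyword plus the rest of its statement (up to the next ';').
    static final Pattern SINK = Pattern.compile(
        "(?:\\beval\\s*\\(|\\bdocument\\.write(?:ln)?\\s*\\(|\\.(?:inner|outer)HTML\\s*=(?!=))[^;]*");
    // "name = ... <source>": group 1 is a variable assigned from a source.
    // The lookbehind skips property assignments such as el.innerHTML = ...
    static final Pattern ASSIGN = Pattern.compile(
        "(?<![.\\w])([A-Za-z_]\\w*)\\s*=(?!=)[^;=]*" + SRC);

    static Confidence classify(String js) {
        boolean hasSource = SOURCE.matcher(js).find();
        List<String> sinks = new ArrayList<>();
        for (Matcher m = SINK.matcher(js); m.find(); ) sinks.add(m.group());
        if (!hasSource && sinks.isEmpty()) return Confidence.NONE;
        if (!hasSource || sinks.isEmpty()) return Confidence.TENTATIVE; // sources OR sinks
        // Sources AND sinks: look for a source-assigned variable inside a sink statement.
        for (Matcher a = ASSIGN.matcher(js); a.find(); ) {
            Pattern use = Pattern.compile("\\b" + Pattern.quote(a.group(1)) + "\\b");
            for (String s : sinks) if (use.matcher(s).find()) return Confidence.CERTAIN;
        }
        return Confidence.FIRM;
    }

    public static void main(String[] args) {
        // Constructed response bodies, one per confidence level.
        String[] samples = {
            "var q = location.search; console.log(q.length);",
            "var ref = document.referrer; track(ref);"
                + " document.getElementById('o').innerHTML = '<b>static</b>';",
            "var payload = decodeURIComponent(location.hash.slice(1));"
                + " document.write('<p>' + payload + '</p>');"
        };
        for (String js : samples) System.out.println(classify(js) + "  <-  " + js);
    }
}
```

Because the matching is purely textual, a variable that is sanitized or reassigned between the source and the sink is still reported, so a Certain result from this sketch is a prompt for manual review rather than proof of exploitability.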

I'd be interested in any feedback, including false positives, and especially false negatives. If you find any, please contact me.

Download binary. Source code to be released at a later date.

Burp Suite 1.5.x required for use.

 

Creative Commons License
DOM-XSS Scanner Checks by August Detlefsen is licensed under a
Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.