Automatic XSS Exploit Generation Using Grammatical Evolution

Fuzzers can reveal vulnerabilities in the software by generating test input data and feeding inputs to software under test. The approach of grammar-based fuzzers is to search in the domain of test data which can be generated by grammar in order to find an attack vector with the ability to exploit the vulnerability. The challenge of fuzzers is a very large or infinite search domain and finding the answer in this domain is a hard problem. Grammatical Evolution(GE) is one of the evolutionary algorithms that can utilize grammar to solve the search problem. In this research, a new approach for generation of fuzz test input data by using grammatical evolution is introduced to exploit the cross-site scripting vulnerabilities. For this purpose, a grammar for generating of XSS attack vectors is presented and a fitness calculation function is proposed to guide the GE in search for exploitation. This method has realized the automatic exploitation of vulnerability with black-box approach. In the results of this research, 19% improvement achieved in the number of vulnerabilities discovered compared to the white-box method of NAVEX and black-box ZAP tool, and without any false positives.