Description
This plugin finds Cross Site Scripting (XSS) vulnerabilities. One configurable parameter exists:
- persistent_xss
To find XSS bugs, the plugin sends a set of JavaScript strings to every parameter and searches for that input in the response. The “persistent_xss” parameter makes the plugin store all data sent to the web application and, at the end, request all URLs again, searching for those specially crafted strings.
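A minimal sketch of the two-pass check described above, added here as an illustration and not taken from w3af's source. `ToyApp`, `make_probe`, `audit` and `TARGETS` are hypothetical names, the application is a constructed in-memory stand-in, and a single unique marker stands in for the plugin's set of JavaScript strings.

```python
import html
import uuid

class ToyApp:
    """Constructed in-memory stand-in for a web application (hypothetical)."""
    def __init__(self):
        self.comments = []

    def get(self, url, params):
        if url == "/search":    # echoes input without encoding
            return "<p>Results for %s</p>" % params.get("q", "")
        if url == "/profile":   # echoes input, HTML-encoded
            return "<p>Hello %s</p>" % html.escape(params.get("name", ""))
        if url == "/comment":   # stores input, does not echo it
            self.comments.append(params.get("text", ""))
            return "<p>Thanks</p>"
        if url == "/board":     # renders stored input without encoding
            return "<ul>%s</ul>" % "".join("<li>%s</li>" % c for c in self.comments)
        return ""

# Constructed sample input: (URL, parameter) pairs to audit.
TARGETS = [("/search", "q"), ("/profile", "name"),
           ("/comment", "text"), ("/board", "page")]

def make_probe():
    # Unique inert marker; the angle brackets only survive if output is not encoded.
    return "<x%s>" % uuid.uuid4().hex[:8]

def audit(app, targets, persistent_xss=True):
    findings, sent = [], []
    # Pass 1: send one marker per parameter and look for it in the direct response.
    for url, param in targets:
        probe = make_probe()
        sent.append((url, param, probe))
        if probe in app.get(url, {param: probe}):
            findings.append(("reflected", url, param, url))
    # Pass 2 (persistent_xss): request every URL again and search for any stored marker.
    if persistent_xss:
        for page in sorted({u for u, _ in targets}):
            body = app.get(page, {})
            for url, param, probe in sent:
                if probe in body:
                    findings.append(("persistent", url, param, page))
    return findings

if __name__ == "__main__":
    for finding in audit(ToyApp(), TARGETS):
        print(finding)
```

Because every marker is unique and recorded, the second pass can attribute the unencoded output on `/board` to the `text` parameter of `/comment`, which the first pass alone cannot see.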
Plugin type
Options
Name | Type | Default Value | Description | Help |
persistent_xss | boolean | True | Identify persistent cross site scripting vulnerabilities | If set to True, w3af will navigate all pages of the target one more time, searching for persistent cross site scripting vulnerabilities. |
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.