Xelenium, Security Testing with Selenium

Xelenium is a tool built on the Selenium APIs that helps identify input fields vulnerable to reflected XSS (cross-site scripting) in a web application. It is written in Java using Swing and threads, and it is flexible: the user can customize the attack vectors that are sent to the application.
Steps to use:
1. Download the xelenium.jar file and double-click it. You will be presented with the UI shown below:

2. Enter the URL of the application under test in the 'Enter URL' field and click the 'Capture Pages' button.
Note: the URL must start with either http:// or https://
3. Xelenium will launch the Firefox browser and display the web page at the provided URL.
4. Navigate to the pages that need to be scanned.
5. Close the browser.
6. The URLs of the pages you navigated to will be displayed in the 'Captured Pages' list box.
7. Keep the pages you want scanned and remove the others using the 'Remove' button.
8. If the captured pages are password protected, provide the login credentials in the 'Login Creds' section.
9. Go to the 'Attack Vector' tab and select the required XSS attack vectors from the 'Available Attack Vectors' list box.

Note: use only attack vectors that trigger a JavaScript alert box. The scan recognises a successful injection by the alert dialog it raises, so a vector that executes without producing one would not be reported.
10. Go back to the 'Capture & Scan' tab and click the 'Perform XSS Scan' button.
11. Xelenium will execute a series of tests with the selected attack vectors and display the scan results in the default browser, as shown below:

12. The 'Log' tab provides the log of the scan and the details of any exceptions.
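The procedure above boils down to one loop: load a captured page, type a vector into each text field, submit, and treat an alert dialog as the signal that the payload executed. The Java below is an added example written for this page, not Xelenium's own code. It assumes Selenium 4 (the Duration-based WebDriverWait) with geckodriver on the PATH, a hypothetical target form at http://localhost:8080/search, and vectors that all call alert() with a fixed marker string so the probe can tell its own dialog apart from any the application raises by itself.

```java
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;

import org.openqa.selenium.Alert;
import org.openqa.selenium.By;
import org.openqa.selenium.TimeoutException;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.support.ui.ExpectedConditions;
import org.openqa.selenium.support.ui.WebDriverWait;

/** Minimal reflected-XSS probe in the style of Xelenium (added example, not the tool's code). */
public class ReflectedXssProbe {

    // Marker carried by every vector so the probe can tell its own alert from one the page raises itself.
    static final String MARKER = "xss-probe-7f3a";

    // Attack vectors. Each must call alert(MARKER) when it executes; a vector that stays silent is invisible to the scan.
    static final String[] VECTORS = {
        "<script>alert('" + MARKER + "')</script>",
        "\"><script>alert('" + MARKER + "')</script>",
        "'><script>alert('" + MARKER + "')</script>",
        "<img src=x onerror=\"alert('" + MARKER + "')\">",
        "\"><svg onload=\"alert('" + MARKER + "')\">",
    };

    // Text-like inputs and textareas; hidden, submit and password fields are skipped.
    static final By TEXT_FIELDS = By.cssSelector(
        "input:not([type]), input[type=text], input[type=search], input[type=url], input[type=email], textarea");

    public static void main(String[] args) {
        // Hypothetical target; in Xelenium this would be one entry of the 'Captured Pages' list.
        String url = args.length > 0 ? args[0] : "http://localhost:8080/search";
        WebDriver driver = new FirefoxDriver();
        try {
            List<String> findings = scan(driver, url);
            if (findings.isEmpty()) {
                System.out.println("No reflected XSS found with the selected vectors on " + url);
            }
            for (String f : findings) {
                System.out.println(f);
            }
        } finally {
            driver.quit();
        }
    }

    /** Injects every vector into every text field of the page, one field and one vector per page load. */
    static List<String> scan(WebDriver driver, String url) {
        List<String> findings = new ArrayList<>();
        driver.get(url);
        int fieldCount = driver.findElements(TEXT_FIELDS).size();

        for (int i = 0; i < fieldCount; i++) {
            for (String vector : VECTORS) {
                // Reload before each probe: submitting navigates away, which makes the old WebElements stale.
                driver.get(url);
                List<WebElement> fields = driver.findElements(TEXT_FIELDS);
                if (i >= fields.size()) {
                    break; // page shape changed between loads; nothing more to do for this index
                }
                WebElement field = fields.get(i);
                String name = field.getAttribute("name");
                field.clear();
                field.sendKeys(vector);
                field.submit(); // submits the enclosing <form>

                if (alertFired(driver)) {
                    findings.add("REFLECTED XSS  field=" + name + "  vector=" + vector);
                    break; // one confirmed vector per field is enough
                }
            }
        }
        return findings;
    }

    /** True if an alert carrying our marker appears within two seconds; any alert found is dismissed. */
    static boolean alertFired(WebDriver driver) {
        try {
            Alert alert = new WebDriverWait(driver, Duration.ofSeconds(2))
                    .until(ExpectedConditions.alertIsPresent());
            boolean ours = MARKER.equals(alert.getText());
            alert.accept();
            return ours;
        } catch (TimeoutException e) {
            return false; // payload was encoded, filtered, or never landed in a script context
        }
    }
}
```

Compile with selenium-java 4.x on the classpath and run with the target URL as the first argument. Two caveats a practitioner should keep in mind: `field.submit()` only works for inputs inside a form, so a JavaScript-driven search box may need `sendKeys(Keys.ENTER)` instead, and the marker comparison is what keeps an application's own confirmation dialogs from being counted as findings.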
Limitations:
Following are some limitations of Xelenium that I plan to address in upcoming versions:
1. Predefined field values
2. Support for multiple browsers
3. Support for multiple frames in a page

Download: Xelenium.jar (47.2 MB)
Read more here