Identify Browser alert messages in Mechanize - Python


I am trying to develop a small automated tool in Python that can check the form inputs of a web application for XSS vulnerabilities. I hope to do this using the Python mechanize library so that I can automate form filling and submission and get the response from the Python code. Though mechanize also works as a browser, is there a way to detect a browser alert message for an input containing a script? Or else, is there any other library for Python with which I can perform this functionality? Any sample code would be a great favor.

PS: I am trying to develop this so that I can find them in an application we are developing and include them in a report, and NOT for hacking purposes.

Thank you.


There is 1 answer

Deepal On BEST ANSWER

Answering my own question. The browser giving an alert message simply means that our node is injected into the DOM. By simply looking for the string that I injected in the response body, I could determine whether the given input is reflected through the browser without proper sanitization.
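
The response-body check described in the answer, as an added example that is not code from the original post: it classifies how a marker submitted in a form field comes back in the HTML, using only the standard library. The names `make_probe` and `classify_reflection` and the sample bodies are constructed for illustration; in the asker's setup the body would be whatever mechanize returns from the response's `read()`.

```python
import html
import secrets
from html.parser import HTMLParser

METACHARS = "<>\"'"  # characters an HTML encoder must escape; inert on their own

def make_probe():
    """Return (token, probe): a unique token on both sides of the metacharacters."""
    token = "rfl" + secrets.token_hex(4)
    return token, token + METACHARS + token

class _Contexts(HTMLParser):
    """Record the HTML contexts in which the token appears."""
    def __init__(self, token):
        super().__init__(convert_charrefs=True)
        self.token, self.found, self.in_script = token, set(), False

    def handle_starttag(self, tag, attrs):
        self.in_script = (tag == "script")
        if any(self.token in (value or "") for _, value in attrs):
            self.found.add("attribute")

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.token in data:
            self.found.add("script" if self.in_script else "text")

def classify_reflection(body, token, probe):
    """Return how the submitted probe came back: absent, raw, encoded or altered."""
    if token not in body:
        return {"status": "absent", "contexts": []}
    parser = _Contexts(token)
    parser.feed(body)
    parser.close()
    if probe in body:
        status = "raw"        # metacharacters returned unencoded
    elif html.escape(probe) in body:
        status = "encoded"    # standard HTML entity encoding was applied
    else:
        status = "altered"    # filtered or encoded another way; review by hand
    return {"status": status, "contexts": sorted(parser.found)}

if __name__ == "__main__":
    token, probe = make_probe()
    # Constructed response bodies standing in for what the form submission returned.
    page = "<html><body><p>You searched for %s</p></body></html>"
    print(classify_reflection(page % probe, token, probe))
    print(classify_reflection(page % html.escape(probe), token, probe))
```

A string match on the response body does not run any JavaScript, so output that client-side script writes into the DOM after the page loads is not covered by this check. An `encoded` result in the `script` or `attribute` context still needs review, because HTML entity encoding is only the right defence for the text context.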