Method for generating cross-site scripting attack
First Claim
Patent Images
1. A method for generating a cross-site scripting attack, applicable to an electronic device, comprising:
- receiving a number of attack string samples, wherein each attack string sample includes a number of string words;
analyzing the attack string samples respectively to obtain a number of first token sequences, wherein each first token sequence includes a number of tokens, and each token corresponds to at least one of the string words;
generating a number of cross-site scripting attack strings according to the string words corresponding to the tokens and the first token sequences, comprising;
establishing a structure model according to the first token sequences;
generating a number of second token sequences by using the tokens according to the structure model; and
substituting the string words corresponding to the tokens into the second token sequences to generate the cross-site scripting attack strings; and
outputting the cross-site scripting attack strings.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for generating a cross-site scripting attack is provided. An attack string sample is analyzed for obtaining a token sequence. A string word corresponding to each token is used to replace the token for generating a cross-site scripting attack string. Accordingly, a large number of cross-site scripting attacks are generated automatically, so as to execute a penetration test for a website.
7 Citations
7 Claims
-
1. A method for generating a cross-site scripting attack, applicable to an electronic device, comprising:
-
receiving a number of attack string samples, wherein each attack string sample includes a number of string words; analyzing the attack string samples respectively to obtain a number of first token sequences, wherein each first token sequence includes a number of tokens, and each token corresponds to at least one of the string words; generating a number of cross-site scripting attack strings according to the string words corresponding to the tokens and the first token sequences, comprising; establishing a structure model according to the first token sequences; generating a number of second token sequences by using the tokens according to the structure model; and substituting the string words corresponding to the tokens into the second token sequences to generate the cross-site scripting attack strings; and outputting the cross-site scripting attack strings. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNational Taiwan University of Science and Technology
-
Original AssigneeNational Taiwan University of Science and Technology
-
InventorsMao, Ching-Hao, Yeh, Jerome, Lee, Hahn-Ming, Wang, Yi-Hsun, Wu, Kuo-Ping
-
Primary Examiner(s)Yalew, Fikremariam A
-
Application NumberUS13/298,295Publication NumberTime in Patent Office628 DaysField of SearchNoneUS Class Current726/5CPC Class CodesH04L 63/1433 Vulnerability analysisH04L 63/1466 Active attacks involving in...
