Method for generating cross-site scripting attack
First Claim
Patent Images
1. A method for generating a cross-site scripting attack, applicable to an electronic device, comprising:
- receiving a number of attack string samples, wherein each attack string sample includes a number of string words;
analyzing the attack string samples respectively to obtain a number of first token sequences, wherein each first token sequence includes a number of tokens, and each token corresponds to at least one of the string words;
generating a number of cross-site scripting attack strings according to the string words corresponding to the tokens and the first token sequences, comprising;
establishing a structure model according to the first token sequences;
generating a number of second token sequences by using the tokens according to the structure model; and
substituting the string words corresponding to the tokens into the second token sequences to generate the cross-site scripting attack strings; and
outputting the cross-site scripting attack strings.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for generating a cross-site scripting attack is provided. An attack string sample is analyzed for obtaining a token sequence. A string word corresponding to each token is used to replace the token for generating a cross-site scripting attack string. Accordingly, a large number of cross-site scripting attacks are generated automatically, so as to execute a penetration test for a website.
7 Citations
7 Claims
-
1. A method for generating a cross-site scripting attack, applicable to an electronic device, comprising:
-
receiving a number of attack string samples, wherein each attack string sample includes a number of string words; analyzing the attack string samples respectively to obtain a number of first token sequences, wherein each first token sequence includes a number of tokens, and each token corresponds to at least one of the string words; generating a number of cross-site scripting attack strings according to the string words corresponding to the tokens and the first token sequences, comprising; establishing a structure model according to the first token sequences; generating a number of second token sequences by using the tokens according to the structure model; and substituting the string words corresponding to the tokens into the second token sequences to generate the cross-site scripting attack strings; and outputting the cross-site scripting attack strings. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification