GAXSS: Effective Payload Generation Method to Detect XSS Vulnerabilities Based on Genetic Algorithm

<table class="table-group" id="tab7"><tr><td><table class="table"><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr class="thead"><td class="align_left">Mutation forms</td><td class="align_left">Specific description</td></tr><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr><td class="align_left">Coding confusion</td><td class="align_left">1.HTML encode<br/>2.Unicode encode<br/>3.URL encode<br/>4.Base64</td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left">Sensitive words replacement</td><td class="align_left">5.Events sensitive words replacement<br/>6.Sensitive functions replacement<br/>7.Blank character replacement<br/>8.Bracket replacement</td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left">Position or form change</td><td class="align_left">9.Attributes and events swap positions<br/>10.Case change<br/>11.Shape transformation of pop-up window function</td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left">Add special characters</td><td class="align_left">12.Add a blank character (between the event and the trigger code)<br/>13.Insert the tag into the tag<br/>14.Add notes (between the function and the parentheses)<br/>15.Add some characters before or after the vector</td></tr><tr class="table-tr"><td colspan="2"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Genetic mutation method (XSS payload bypass method).</div>

Security and Communication Networks

tab7

Table 7

Table 7: GAXSS: Effective Payload Generation Method to Detect XSS Vulnerabilities Based on Genetic Algorithm 