[Oisf-users] Detecting XSS

C. L. Martinez carlopmart at gmail.com
Fri Jun 1 07:22:39 UTC 2018


Hi all,

 I am doing some XSS tests with Suricata 4.0.4 and 4.1beta1 (both installed
under CentOS 7.5 fully patched) and they are not detected by Suricata.

 For example launching a request like:

http://my.test.server.org/tstwww/dp//?mktportal=%3C/script%3E%3Cscript%3Ealert(%27myXXSSpoc%27)%3C/script%3E%3Cscript%3E

 ... no alert is triggerred and I have loaded and activated all ET-open
rules under Suricata.

eve.json only log the server response and not the client request.

 Arrived to this point, What is the best way to manage this type of attack?

Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180601/d45ff0c6/attachment.html>


More information about the Oisf-users mailing list