[Oisf-users] Detecting XSS
Peter Manev
petermanev at gmail.com
Fri Jun 1 15:08:58 UTC 2018
On Fri, Jun 1, 2018 at 9:22 AM, C. L. Martinez <carlopmart at gmail.com> wrote:
> Hi all,
>
> I am doing some XSS tests with Suricata 4.0.4 and 4.1beta1 (both installed
> under CentOS 7.5 fully patched) and they are not detected by Suricata.
>
> For example launching a request like:
>
> http://my.test.server.org/tstwww/dp//?mktportal=%3C/script%3E%3Cscript%3Ealert(%27myXXSSpoc%27)%3C/script%3E%3Cscript%3E
>
> ... no alert is triggerred and I have loaded and activated all ET-open
> rules under Suricata.
>
> eve.json only log the server response and not the client request.
>
Maybe that could be a clue for not having an alert? (not seeing all
the traffic ?)
Also - do you have all configs set up properly as well in terms of
home/ext nets variables and rule set up (that detects) for that
particular exploit/test.
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list