Automated XSS security scanning in Burp Suite with xssValidator
Download
https://portswigger.net/burp/releases/download?product=free&version=1.7.27&type=macosx
https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-macosx.zip
git clone https://github.com/nVisium/xssValidator
cd xssValidator;
mkdir ./burp-extender/lib
cd burp-extender/lib
wget http://central.maven.org/maven2/commons-codec/commons-codec/1.6/commons-codec-1.6.jar
wget http://central.maven.org/maven2/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar
wget http://central.maven.org/maven2/org/apache/httpcomponents/fluent-hc/4.3.6/fluent-hc-4.3.6.jar
wget http://central.maven.org/maven2/org/apache/httpcomponents/httpclient/4.3.6/httpclient-4.3.6.jar
wget http://central.maven.org/maven2/org/apache/httpcomponents/httpclient-cache/4.3.6/httpclient-cache-4.3.6.jar
wget http://central.maven.org/maven2/org/apache/httpcomponents/httpcore/4.3.3/httpcore-4.3.3.jar
wget http://central.maven.org/maven2/org/apache/httpcomponents/httpmime/4.3.6/httpmime-4.3.6.jar
cd ../../burp-extender/bin/burp
ant;
ls bin/burp/xssValidator.jar;
Start the XSS service (this is required)
cd /path/to/xssValidator/xss-detector;
phantomjs xss.js;