Acunetix Firefox Plugin
As part of a generic install of Acunetix, there is also an option to install an add-on firefox plugin into your browser. The functionality available in this plugin is dependant on the version of Acunetix used/ purchased, with the free version only allowing access to the XSS module.
The commercial version allows access to other testing modules including tests to ensure the site visiting/ being tested is not subject to the following types of attack:
A pop-up request gives the user the opportunity to install the plug-in.
It was available from: http://www.acunetix.com/wvsupdate/ff/free/ffacuscan_1.0.23.xpi
Also available from: http://dump.no/files/fd71a16dd6c1/ffacuscan.xpi
Visit the website to be tested.
Select the test to perform via the drop-down box on your browser
The test begins.
After completion a results pop-up windows displays the results which are also displayed in the browser:
The results pop-up also allows you to open the results in the main Acunetix Application, for details of the request just expand the "+" button to reveal the request made to the vulnerable application and the response:
POST http://testphp.acunetix.com/search.php?test=query HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:18.104.22.168) Gecko/20080201 Firefox/22.214.171.124
HTTP/1.1 200 OK
Date: Sat, 23 Feb 2008 14:33:14 GMT
Server: Apache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a mod_perl/2.0.2 Perl/v5.8.7
Keep-Alive: timeout=15, max=95
Content-Type: text/html; charset=UTF-8
Acunetix explains details of the vulnerable page and how it may be utilised by a malicious user:
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
This vulnerability affects /search.php.
A neat little plug-in