Snuck is an automated tool for thoroughly testing a given XSS filter by specializing its injections according to the reflection context. It uses Selenium to drive a web browser, reproducing both the attacker's behavior and the victim's.
snuck is an automated tool that can help find XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer.
Its approach is based on inspecting the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser: a real web browser is driven to reproduce the attacker's behavior and possibly the victim's.
snuck is quite different from typical web security scanners: it tries to break a given XSS filter by specializing the injections in order to increase the success rate. The attack vectors are selected on the basis of the reflection context, that is, the exact point where the injection falls in the DOM of the reflecting web page.
Access to the pages' DOM is possible through Selenium WebDriver, an automation framework that replicates operations in web browsers. Since many steps may be involved before an XSS filter is "activated", an XML configuration file should be filled in to tell snuck which steps it needs to perform against the tested web application.
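
To make "reflection context" concrete for someone reviewing a filter, the following added example (not snuck's code) locates a harmless marker in a response and reports which context each reflection falls in, along with the output handling that context calls for. It parses static response text with Python's standard `html.parser` rather than a Selenium-driven browser DOM. The marker value, the class and function names and the sample page are all constructed for illustration.

```python
from html.parser import HTMLParser

MARKER = "zqxcanary7731"  # constructed, markup-free canary (assumption)
REQUIRED = {  # output handling each reflection context calls for
    "html_text": "HTML entity encoding",
    "attribute_value": "attribute encoding inside a quoted attribute",
    "url_attribute": "URL scheme allow-list plus attribute encoding",
    "event_handler": "keep untrusted data out of inline handlers",
    "script_block": "JavaScript string encoding or JSON serialization",
    "html_comment": "do not reflect untrusted data in comments",
}

class ContextFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_tag = None  # last opened tag, cleared on any end tag
        self.found = []       # (context, location) in document order

    def handle_starttag(self, tag, attrs):
        self.open_tag = tag
        for name, value in attrs:
            if value and MARKER in value:
                ctx = ("event_handler" if name.startswith("on") else
                       "url_attribute" if name in ("href", "src", "action") else "attribute_value")
                self.found.append((ctx, f"{tag}@{name}"))

    def handle_endtag(self, tag):
        self.open_tag = None

    def handle_data(self, data):
        if MARKER in data:
            kind = "script_block" if self.open_tag == "script" else "html_text"
            self.found.append((kind, self.open_tag or "text"))

    def handle_comment(self, data):
        if MARKER in data:
            self.found.append(("html_comment", "comment"))

def reflection_contexts(html):
    finder = ContextFinder()
    finder.feed(html)
    finder.close()
    return [(ctx, loc, REQUIRED[ctx]) for ctx, loc in finder.found]

# Constructed sample response that reflects the canary in five places.
SAMPLE = """<h1>Results for zqxcanary7731</h1>
<input name="q" value="zqxcanary7731">
<a href="/search?q=zqxcanary7731">again</a>
<script>var q = "zqxcanary7731";</script>
<!-- debug: zqxcanary7731 -->"""
```

Calling `reflection_contexts(SAMPLE)` returns one row per reflection, which shows that a single parameter can need several different encodings on the same page.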