【摘要】 提出一种自动化检测Android应用反射型跨站脚本漏洞的方法,通过对Android应用组件的识别和分类,自动化输入测试例和点击与输入框关联的按钮,监测运行结果判断应用是否具有潜在的反射型跨站脚本漏洞,并通过图像处理方法实现了对Web View的支持.基于该方法实现了一个原型工具.实验表明,该方法可以有效的检测Android应用的反射型跨站脚本漏洞,具有较高的实用性.更多还原

【Abstract】 This paper presents an automated method for detecting reflected XSS vulnerabilities of Android Apps. Through identifying and classifying Android Apps components, automatically inputting test cases, clicking on the input box-related buttons and monitoring the results, to determine whether the applications have potential reflected XSS vulnerabilities. Moreover this method implements support for Web View by image processing. Based on this method, a prototyping tool is also implemented. The experiment results demonstrate that this proposed method can detect reflected XSS vulnerabilities of Android Apps with high practicability and effectiveness.更多还原