OWASP Xelenium Project
Warm Greetings!!! Welcome to the official page of 'OWASP Xelenium' project!!!
Xelenium is a security testing tool that can be used to identify the security vulnerabilities present in the web application. Xelenium uses the open source functional test automation tool 'Selenium' as its engine and has been built using Java swing.
Xelenium has been designed considering that it should obtain very few inputs from users in the process of discovering the bugs.
Current version of Xelenium can be found here: http://sourceforge.net/projects/xeleniumsecurit/. Current version helps the user in identifying the Cross Site Scripting (XSS) threats present in the web application. In the subsequent versions, Xelenium will be enhanced such that it could identify other leading threats.
Please refer the road map for future plans.
Xelenium is an automation testing tool that can be used to identify the security vulnerabilities present in the web application. Xelenium uses ‘Selenium - Webdriver’ as its engine and has been developed using Java swing.
Selenium – Webdriver is an open source functional testing tool and is very powerful and flexible. More details on Selenium can be found here: http://seleniumhq.org/.
Following are the pre-requisites of Xelenium:
1. Mozilla Firefox (versions: 3.0, 3.5, 3.6, 4.0, 5.0, 6, 7) Note: Xelenium works with all the version of Firefox browsers that are supported by Selenium Webdriver. Please refer the Seleniumhq website for up-to-date information. 2. Java 1.6 or above
How it works?
Xelenium captures the details of web pages that are required to be scanned, and during scanning, it performs scan on each of the text fields present in the web page by making http requests to the respective pages.
Http requests are made using Selenium Htmlunit driver and call are made concurrently using Java threads.
Steps to use
Following are the steps that need to be followed to perform scan using Xelenium:
1. Download the xelenium.jar file and double click on it. Xelenium will be launched as shown below:
2. Enter the url of the application under test in ‘Enter URL’ field and click on the ‘Capture Pages’ button. Note: Please ensure to provide the url starting with either http:// or https:// 3. Xelenium will launch the Firefox browser and display the web page of the provided url. 4. Navigate to the required pages that need to be scanned. 5. Close the browser. 6. URL details of the navigated pages will be displayed in the ‘Captured Pages’ list box.
7. You can remove the unwanted url using the ‘Remove’ button present under ‘Captured Pages’ list box. 8. Navigate to the ‘Attack Vector’ section and select the required XSS attack vectors from the ‘Available Attack Vectors’ list box.
| PROJECT INFO
What does this OWASP project offer you?
| RELEASE(S) INFO|
What releases are available for this project?