摘要：跨站脚本是一类基于网站应用程序的安全漏洞攻击，将研究和解决快速化的自动化检测。为了有效地防止跨站脚本被滥用，决定创建一种基于Web 的跨站脚本检测方式，以发现Web站点中潜在的跨站风险。完成主要的6大模块有：登陆模块、检测模块、扫描模块、输出模块、报表模块、日志模块。核心代码模块是检测和扫描部分，他们相互配合构造跨站参数并抓取反馈信息，其他模块配合核心代码起到辅助作用。选择PHP进行构造是一大亮点，PHP是一种Web程序语言，能够快速地解析前端DOM内容，在脚本语言中速度仅次于Python。用Web方式构造和检测本就属于Web 攻击的跨站脚本，将更加快捷、高效。
    关键词 ：跨站脚本；Web；PHP；安全检测；扫描
    中图分类号：TP911?34 文献标识码：A 文章编号：1004?373X（2015）20?0041?03
    Online XSS testing tool based on PHPWANG Pei，NIU Chen，DING Litong
    （Xi’an University of Posts  Telecommunications，Xi’an 710121，China）
    Abstract：The XSS（cross site scripting） is a kind of attack against the security hole based on network application pro?gram. Its fast auto?test is studied in this paper. In order to prevent the abuse of XSS effectively，a Web?based XSS testingmethod is designed to detect the potential cross?site risks in Web sites. Six main modules（login module，detection module，scanning module，output module，report module and log module）were fulfilled，in which the kernel code modules are detectionand scanning ones，which cooperate each other to construct cross?site parameters and grab the feedback data. PHP is a Web pro?gram language，which can resolve the front?end DOM contents quickly，and its rate is second only to Python in scripting lan?guage. To use Web method to structure and detect XSS belonging to the Web attack is more convenient and efficient.
    Keywords：cross site scripting；Web；PHP；security detection；scan