snuck is an automated tool that can help find XSS vulnerabilities in web applications. It is built on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. Its approach is based on inspecting the reflection context of an injection, and it relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser: a real web browser is driven to reproduce the attacker's behaviour and, where needed, the victim's.
snuck is quite different from typical web security scanners: it tries to
break a given XSS filter by specializing the injections in order to
increase the success rate. The attack vectors are selected on the basis
of the reflection context, that is, the exact point in the DOM of the
reflecting web page where the injection lands. Access to the pages' DOM
is obtained through Selenium WebDriver, an automation framework that
makes it possible to replicate user operations in web browsers. Since
many steps may be involved before an XSS filter is "activated", an XML
configuration file has to be filled in so that snuck knows which steps
to perform against the tested web application. Practically speaking,
the approach is similar to iSTAR's, but it focuses on one particular
XSS filter.
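The "reflection context" idea above is the part a defender most often wants to reproduce when auditing a filter: inject a harmless marker, then find out where in the DOM it came back (text node, attribute value, URL attribute, event-handler attribute, script body, comment), because the encoding the filter must apply differs per context. The following is an added example and not snuck's own code. It assumes a constructed HTML response standing in for the live DOM that snuck reads through WebDriver, a constructed probe string, and Python's standard-library `html.parser` instead of a browser:

```python
from html.parser import HTMLParser

# Constructed benign probe string (assumption). In a real audit it would be
# submitted through the form the XML configuration describes, and the page
# would be read back from the browser DOM rather than from a static string.
PROBE = "snuckprobe7"

# Elements that never have a closing tag, so they must not stay on the stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "param", "source", "track", "wbr"}


class ReflectionContextFinder(HTMLParser):
    """Record every place the probe string reappears, tagged with the
    DOM context it landed in. The context decides which output encoding
    (HTML, attribute, URL, JavaScript string) the filter should have applied."""

    def __init__(self, probe):
        super().__init__()
        self.probe = probe
        self.contexts = []   # one dict per reflection, in document order
        self.stack = []      # currently open, non-void elements

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is not None and self.probe in value:
                if name.startswith("on"):
                    kind = "event-handler attribute"
                elif name in ("href", "src", "action", "formaction"):
                    kind = "url attribute"
                else:
                    kind = "attribute value"
                self.contexts.append({"context": kind, "tag": tag, "attr": name})
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate sloppy nesting.
        if tag in self.stack:
            while self.stack.pop() != tag:
                pass

    def handle_data(self, data):
        if self.probe not in data:
            return
        parent = self.stack[-1] if self.stack else "document"
        if parent == "script":
            kind = "script body"
        elif parent == "style":
            kind = "style body"
        elif parent in ("title", "textarea"):
            kind = "rcdata text"       # entity-decoded, but no tags are parsed
        else:
            kind = "text node"
        self.contexts.append({"context": kind, "tag": parent, "attr": None})

    def handle_comment(self, data):
        if self.probe in data:
            self.contexts.append({"context": "comment", "tag": None, "attr": None})


def find_reflection_contexts(html, probe=PROBE):
    """Return the list of reflection contexts of `probe` inside `html`."""
    finder = ReflectionContextFinder(probe)
    finder.feed(html)
    finder.close()
    return finder.contexts


# Constructed response in which the probe is reflected in five different places.
SAMPLE_RESPONSE = f"""<!doctype html>
<html><head><title>Search</title>
<script>var q = "{PROBE}";</script>
</head><body>
<h1>Results for {PROBE}</h1>
<input type="text" name="q" value="{PROBE}">
<a href="/search?q={PROBE}">again</a>
<!-- debug: last query {PROBE} -->
</body></html>"""


if __name__ == "__main__":
    for hit in find_reflection_contexts(SAMPLE_RESPONSE):
        print(hit)
```

Each entry tells the auditor which encoding rule the filter is responsible for at that point; a marker that reappears in a script body or an event-handler attribute is the case that deserves the closest look, since HTML entity encoding alone does not protect those contexts.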