Diogo Silva
Hi @pranavsaxena17, can you fix the conflicts?
You need to update the CHANGELOG.md of the ascanrulesBeta. It would also be nice if you update the help to mention the cases where the rule will test the request(...
> Just ran across this, might be worth trying:
> https://github.com/anxolerd/dvpwa#stored-xss

Ok :), I will test it. It is working on my tests and on DVWA. Later I will search...
> Just ran across this, might be worth trying:
> https://github.com/anxolerd/dvpwa#stored-xss

It finds the Stored XSS vulnerability on the DVPWA. Once you check the names of the scanners I will...
> I'd suggest dropping the "Test" prefix on the classes (I know that's a hold over and not something you've introduced). Anything else that can be done to simplify class...
> > Should all use the same? The prime, spider and attack all had different Ids. > > Sorry no they should have different ones but the IDs of the...
What else needs to be done:
- [x] Create tests for the scanners
- [x] Only test path variables when the alert threshold is low and when the attack strength...
I found 2 problems while I was doing tests. The PersistentXSSUtils.java (now ParamSinksUtils.java) creates HistoryReferences to store the requests that are sinks but the history table will be null while...
> I'd suggest changing `PersistentXSSUtils` to allow to set a "message persister" (e.g. `Function`, which defaults to the current behaviour). The tests can then set one that mocks the `HistoryReference`s...
@kingthorin @thc202 It is ready for review, if there is something missing please let me know.