[v1.5]Add no-selenium options

[hahwul]

selenium is very slow and busy to system.
I think user's need an option.

[bsysop]

I would think is two steps maybe:

• xsstrike use regex
• knoxx use browser validation

I have made some software to find xss which detect alert() with selenium, so trivial.

Two steps would be:

• Regex first (just a simple request)
• Selenium after just for validation if confirmed or not

What do you think?

[hahwul]

Hi @bsysop !
Thank you so much for your opinion!
Right. That's why I'm thinking about this issue.
But I still haven't figured out what's better.

I don't know if it's really meaningful to check again with selenium for the result that the attack code has been accurately reflected. Rather, I think it's better to cut back on resources and use them only in point(polyglot, in js, DOM) where selenium is really needed.

[hahwul]

@bsysop
but, I still need more think.
Ah, and thank you so much for the give the PoC yesterday :)

[bsysop]

You right!

Dont worry, here for anything you need. =]

I will send you dm now with something could help this

[hahwul]

@bsysop
What you gave me was very helpful! Thanks, man :)

[bsysop]

=] You welcome \o/