Avast not detecting beef-xss attack

[REDACTED]

Hey guys
first of all sorry for my english (I've just started English grammar  )
i was testing beef-xss framework attacks on my virtual machine (guest) systems, for (pen-testing purpose .
and i just performed same attack on my host machine (which is a Windows 10 system with latest and updated avast premier) and my host machine compromised by the attacking machine, no avast alerts no blocking, no action nothing.
It means if someone tries to hack my pc with beef-xss attack then avast can not save me from that attacker 
And on a different machine that has norton security 2016 installed, i did the same attack and norton blocked that url and the attack failed.

So This is a request to Avast! please add this kind of attack in virus definition so we can save our pc from hackers...

Thanks
 

[polonus]

If the main problem is hook.js beef various browsers with script blockers may block it (e.g. No Script, uMatrix).
In other cases users should enable script blocking (IE).

Read from web application Stack Exchange poster "atdre" (credit for below info goes there): https://security.stackexchange.com/questions/122231/preventing-browser-from-beef-exploitation

When I checked with an unpacker for general javascript vulnerabilities I found:

Vuln. inside code see attached: found JavaScript

     error: undefined variable $
     error: undefined function $

See attached in the form of a harmless txt file: (plus the fact that normally AV will not detect hook.js
either as malicious or suspicious (indifferent code))

polonus (volunteer website security analyst and website error-hunter)

[polonus]

On detection we should read a general article like: https://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks

Incidentally, the default ruleset in Snort does contain signatures for detecting cross-site scripting, but these can be evaded easily. Most of them can be evaded by using the hex-encoded values of strings such as %3C%73%63%72%69%70%74%3E instead of <script>.

If you wish to detect each and every possible SQL Injection attack, then you simply need to watch out for any occurrence of SQL meta-characters such as the single-quote, semi-colon or double-dash. Similarly, a paranoid way of checking for CSS attacks would be to simply watch out for the angled brackets that signify an HTML tag.

Example of a snort detection rule with a regex for detection of SQL meta-characters, like example

regular expression would be added into a new Snort rule as follows:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SQL Injection - Paranoid";
flow:to_server,established;uricontent:".pl";pcre:"/(\%27)|(\')|(\-\-)|(%23)|(#)/i"; classtype:Web-application-attack; sid:9099; rev:5;)

For more examples for various detections, see the above link, finally a paranoia regex like

/((\%3C)|<)[^\n]+((\%3E)|>)/I

.

polonus

[REDACTED]

Wow 
Got it Sir, Thanx.

[polonus]

Hi naresh.nn

You are welcome.

Keep up the good work,

polonus

[savcin]

Will be detected in next update.