After silently inserting itself to run inside any browser, be it that of a PC or a cell phone, Jikto can search sites for cross-site scripting vulnerabilities and report its findings to a third party without the user of the infected browser being aware.
It can also replicate itself onto sites containing cross-site scripting vulnerabilities and then spread by latching onto visiting browsers, Hoffman told eWEEK in an interview.
Web application vulnerability scanners have been around for some seven years. Most have been software installed on a PC.
That's good, the security researcher said—"By getting them interested, we can use that to [heighten the awareness of the dangers of Web site vulnerabilities]."