Cross-Site Scripting (XSS)

XSSER

xsser --auto=<URL> --cookie=<COOKIE>

WFUZZ

Wfuzz is another popular tool used to fuzz applications not only for XSS vulnerabilities, but also SQL injections, hidden directories, form parameters, and more. It is included in Kali by default.

Basic usage of Wfuzz includes specifying a wordlist file including the payloads to use with the -z flag, and the URL to test, replacing the parameter in question with FUZZ. We can also set the -c flag to get color output.

wfuzz -c -z file,/usr/share/wfuzz/wordlist/Injections/XSS.txt http://domain.com/application/index.php?page=FUZZ

Also of use, when fuzzing an application where many different response codes might be encountered, the --hc flag can be utilized to ignore certain responses, such as 404 codes.

Another helpful feature of Wfuzz is the ability to encode payloads in order to bypass defensive filters more effectively.

Simply append the desired encoder (in this case urlencode) to the specified file, separated by a comma, to encode the payloads.

wfuzz -c -z file,/usr/share/wfuzz/wordlist/Injections/XSS.txt,urlencode http://domain.com/application/index.php?page=FUZZ

XSStrike

It is a dedicated suite for detecting cross-site scripting vulnerabilities that includes an intelligent payload generator, a fuzzer, a crawler, WAF detection, and more. XSStrike is currently in beta.

git clone https://github.com/s0md3v/XSStrike

cd XSStrike
pip3 install -r requirements.txt

This tool begins by checking for DOM-based XSS vulnerabilities, and the potentially vulnerable parameters are displayed on the screen. Reflected XSS is tested for next, and the interactive payload generator displays the payload and the projected likelihood of success. To continue scanning, hit y at the prompt.

Scan a single URL

Option: -u or --url. Test a single webpage which uses GET method.

python xsstrike.py -u "http://example.com/search.php?q=query"

Supplying POST data python

xsstrike.py -u "http://example.com/search.php" --data "q=query"

Supply HTTP headers

Option: --headers. This option will open your text editor (default is 'nano') and you can simply paste your HTTP headers and press Ctrl + S to save.

If your operating system doesn't support this or you don't want to do this anyway, you can simply add headers from command line separated by as follows:

python xsstrike.py -u "http://example.com/page.php?q=query" --headers "Accept-Language: en-US\nCookie: null" --file-log-level DEBUG --log-file output.log

PreviousGraphQL NextSQL Injection

Last updated 1 year ago

hashtagXSSER

hashtagWFUZZ

hashtagXSStrike

hashtagScan a single URL

hashtagSupplying POST data python

hashtagSupply HTTP headers