Testing for XSS



What is the best way to find XSS in a web site … using automated tools app --> scanners like Vega, Burp Scanner, Nikto etc.,
or manual testing, and how do you do manual testing?
A basic example


Personally, for the initial tests I use a test string such as "kkk’zzz</img . If this string is reflected back without filtered characters, there is a chance for XSS. Then, if the result is negative, I continue using a custom XSS payload through Burp Pro Intruder.
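
The reflection check described in the post above, as an added example that is not part of the original thread: it reports, for each special character in the probe, whether a response returned it raw, encoded or stripped. The probe is modelled on the post's string with an ASCII apostrophe (an assumption), and the response bodies are constructed samples.

```python
import html.entities
import re

SPECIALS = "\"'<>/"      # characters whose handling the probe measures
BREAKOUT = "\"'<>"       # returned raw, these can end an attribute or open a tag

def _encoded_forms(ch):
    """Encodings a filter may substitute for one special character."""
    cp = ord(ch)
    forms = [f"&#{cp};", f"&#x{cp:x};", f"%{cp:02x}"]
    name = html.entities.codepoint2name.get(cp)   # quot, lt, gt
    if name:
        forms.append(f"&{name};")
    if ch == "'":
        forms.append("&apos;")
    return forms

def probe_regex(probe):
    """Literal text must match; each special may be raw, encoded or absent."""
    parts = []
    for ch in probe:
        if ch in SPECIALS:
            alts = [ch] + _encoded_forms(ch) + [""]
            parts.append("(" + "|".join(re.escape(a) for a in alts) + ")")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def analyse_reflection(probe, body):
    """One list per reflection found: [(special_char, raw|encoded|stripped), ...]."""
    specials = [ch for ch in probe if ch in SPECIALS]
    out = []
    for m in probe_regex(probe).finditer(body):
        out.append([(ch, "raw" if got == ch else "encoded" if got else "stripped")
                    for ch, got in zip(specials, m.groups())])
    return out

def needs_manual_review(probe, body):
    """True when any breakout character came back unmodified."""
    return any(st == "raw" and ch in BREAKOUT
               for hit in analyse_reflection(probe, body) for ch, st in hit)

PROBE = "\"kkk'zzz</img"   # modelled on the post's string, ASCII apostrophe assumed
SAMPLES = {                # constructed response bodies, not captured traffic
    "unfiltered": "<input value=\"\"kkk'zzz</img\">",
    "escaped": "<p>Results for &quot;kkk&#x27;zzz&lt;/img</p>",
    "stripped": "<p>kkkzzz/img</p>",
}
if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, analyse_reflection(PROBE, body), needs_manual_review(PROBE, body))
```

A raw result only marks the parameter for manual review; whether it is exploitable still depends on the context the value lands in.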


The simple but not accurate way could be the owasp-mantra-ff tool suite, using xss-me on the page you are auditing. Otherwise you can use Vega to at least detect a potentially vulnerable parameter on a site page. Then a framework I like is w3af: you can set an XSS exploit using the URL and vulnerable parameter you detected through Vega and input your own custom data strings for testing/exploit. I use parrot-sec; however, Vega, Mantra and w3af are available via the Kali repos.


I tried Vega, w3af, Nikto, Burp Scanner, OWASP Zed, Grabber, Uniscan.

To me it seems a waste of time… I found nothing, no critical vulnerability at all with these scanners, just only informative or low reports.
Now I will try OpenVAS.


You… do know that for both Vega and w3af you should not use the pre-config scan profiles? For w3af you should definitely configure each testing parameter under “crawl”, “audit” and so forth, especially if you know about the system you are auditing. The same goes for Vega.


Yes, I know … webSpider is still very slow for w3af.
In the GUI mode the number of req/s goes slowly to zero, but the CPU … This is still not working.
I prefer not to use w3af.


I think my question is: do you use Burp/ZAP… etc. in manual mode and surf … the web page searching for vulns,
or do you use an automated scanner to detect vulns?
Which mode is better?
I am trying to understand … what is better to do to be more accurate,
to have more success in discovering vulns.


There’s a great Burp extension called xssValidator which is pretty good at testing for XSS; it uses phantomjs with Intruder. I issued a pull request for a [bash script](https://github.com/l50/xssValidator/blob/master/buildXssValidatorJar.sh) to install it as well if you’re having trouble, or you can use the puppet module if you’re a puppet user.


Find XSS

If you seek a simple project-based tool that will help find cross-site scripting problems across a website or a PHP project, Find XSS is one of the most trusted tools that you’d find. Their website offers a detailed explanation on how to get started.

Additionally, there are plenty of other security tools within the website that will help you monitor and detect other security problems.

  • Free test available
  • Scans for XSS and SQLi
  • Option to upload projects
  • Firefox addons available


I would say code analysis is the best way of finding XSS, but no doubt sometimes you need to automate your work. For that I will recommend XSStriker by somdev; you will find it on GitHub.