Testing for XSS

d3c0d3r · January 13, 2017, 8:10am

hello

what is the best way to find Xss in a web site … using automated tools app -->scanner like Vega , Burp scanner,nikto etc
or Manual testing and how you make a manual testing !!!
A basic example

ramirezVII · January 13, 2017, 1:47pm

personally, for the initial tests i use a test string as "kkk’zzz</img . If this string is reflected back without filtered characters there is a chance for XSS. Then, if the result is negative i continue using a custom XSS payload through Burp Pro Intruder.

r1sen · January 14, 2017, 6:12am

The simple way but not accurate could be owasp-mantra-ff tool suite and use xss-me on the page you are auditing. Otherwise you can use Vega to at least detect a potentially vulnerable parameter on a site page, then a framework I like is w3af and you can set an xss expoit using the url and vulnerable parameter you detected through Vega and input your own custom data strings for testing/exploit. I use parrot-sec however Vega, Mantra and w3af are available via kali repos.

d3c0d3r · January 14, 2017, 6:53am

I try Vega, w3af , nikto , burp sanner , OWASP Zed,grabber ,uniscan ,

to me it seems a waste of time…I found nothing no critical vulnerability at all of this scanner not just only informativ raport or low .
now i will try openvas

r1sen · January 14, 2017, 7:35pm

You…do know that for both vega and w3af you should not use the pre-config scan profiles? For w3af you should definitely cofigure each testing parameter under “crawl” , “audit” and so forth, especially if you know about the system you are auditing. The same goes for vega.

d3c0d3r · January 16, 2017, 11:10pm

yes i know … webSpider is still very slow for w3af
In the GUI mode the number req/s goes slowly to zero, but the CPU … This is still not working
I prefer to not use w3af

d3c0d3r · January 17, 2017, 1:57am

I think my question is you use Brup/Zap… etc manual mode and surf … on web page search for vuln
or you use scanner automated to detect vuln
what mode is better ?
i try to undestend … what is better to do for more accurate
to have more success to discovery vuln

l50 · January 18, 2017, 9:02pm

There’s a great burp extension called xssValidator which is pretty good at testing for XSS; it uses phantomjs with intruder. I issued a pull request for a [bash script] (https://github.com/l50/xssValidator/blob/master/buildXssValidatorJar.sh) to install it as well if you’re having trouble, or you can use the puppet module if you’re a puppet user.

pranalimane · December 5, 2018, 6:25am

Find XSS

If you seek a simple project-based tool that will help find cross-site scripting problems across website or a PHP project, Find XSS is one of the most trusted tools that you’d find. Their website offers a detailed explanation on how to get started.

Additionally, there are plenty of other security tools within the website that will help you monitor and detect other security problems.

Free test available
Scans for XSS and SQLi
Option to upload projects
Firefox addons available

R29k · December 11, 2018, 3:17pm

i would say code analysis is the best way for finding xss but no doubt sometimes you need to automate your work for it i will recommend you XSStriker by somdev you will find it on github.

Topic		Replies	Views
Dom based XSS question Starter Zone	6	5151	August 5, 2017
Reflected XSS with Burp Web Hacking	7	3504	July 20, 2020
Tutorial: InjectX to Find XSS Starter Zone	0	25036	November 9, 2015
XSS vs X-XSS and CSP Starter Zone	4	1295	December 25, 2019
Need help with xss Web Hacking	1	2055	August 10, 2020

Testing for XSS

Related Topics