Greetings, everyone! Hope all is going well. In today's blog post we will explore one of the Burp extensions that helps to find XSS easily. The tool is open source, and Burp Suite offers a feature to customize its behaviour and extend its capabilities to get successful results.
The extension is XSS Validator, which automates the detection and validation of XSS issues in web applications.
What Is XSS Validator?
XSS Validator is an easy-to-use extension that helps to find a critical security issue in web applications: cross-site scripting, which has different attack scenarios. It works with Burp Intruder to capture a successful XSS, which triggers a grep regex value.
John Poulin developed it in 2017. It is an open-source extension that works with both the Burp Community and Professional versions.
How to set up XSS Validator for a successful XSS trigger:
Navigate to the official page, https://github.com/PortSwigger/xss-validator, where you can clone it. But we have another option: in Burp, navigate to Extender -> BApp.
As the picture above shows, there is an Install button. Click it, and the extension will install successfully.
As the picture above shows, the XSS Validator panel contains a set of different XSS payloads and a grep regex value, which is triggered when our XSS executes successfully.
Note: we can use a server to see the response when our XSS triggers. But here we will explore how to find XSS using XSS Validator.
Now, as our target we have http://testphp.vulnweb.com/search.php?test=query. Send this request to the Intruder section of Burp. Then it is time to set the payload position and the attack type: navigate to the Positions tab, select “hello” and hit the Add button to set it as the injection point.
As the picture above shows, we chose the field to run our XSS hunter against and marked it with $$.
Now we need to configure the important part. Navigate to the Payloads section of Intruder. First, set the payload type to Extension-generated.
As the picture above shows, we have set the payload section. This will include all the XSS payloads from the XSS Validator tool. We then have to set Select generator -> XSS Validator payload.
As the picture above shows, so far we have set up the XSS Validator extension in Burp. Now we move to the XSS Validator panel, where we will find the grep value to use for Grep Match in the Options tab, in order to flag results that encounter a successful XSS.
As shown above, copy the regex value, go back to the Intruder section, open the Options tab and add the grep value to the Grep - Match section.
We have now successfully set up XSS Validator for validating XSS. Hit the Attack button and look at the result:
The response now matches our grep regex value, and our XSS triggers with an actual result. As the picture below shows, we have successfully validated XSS using XSS Validator.
As seen above, the payload executes as we desired. XSS Hunter will make your testing phase easier. When doing web application VAPT, we can't serve and test every specific URL, so at that point we need this type of tool.
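What a validated hit means on the application side, as an added example (not code from this post or from the XSS Validator project): a search page that writes the parameter out raw, the same page with output encoding, and a check that tells a raw reflection from an encoded one. The handler names, the page markup and the probe string are assumptions made for illustration.

```python
import html

# Constructed, inert probe: it matters only if it comes back unencoded.
PROBE = '<xssprobe id="m4rk3r">'

def render_search_vulnerable(query: str) -> str:
    """Hypothetical search page that reflects the parameter with no encoding."""
    return f"<h2>searched for: {query}</h2><input name=q value=\"{query}\">"

def render_search_hardened(query: str) -> str:
    """Same page, with the value HTML-encoded before it is written out."""
    safe = html.escape(query, quote=True)  # encodes < > & " '
    return f"<h2>searched for: {safe}</h2><input name=q value=\"{safe}\">"

def classify_reflection(body: str, probe: str = PROBE) -> str:
    """Say how the probe appears in a response body: raw, encoded or absent."""
    if probe in body:
        return "raw"        # markup survived: the browser would parse it as a tag
    if html.escape(probe, quote=True) in body:
        return "encoded"    # reflected, but only as text: not a finding
    return "absent"

def audit(handlers: dict) -> dict:
    """Run the probe through each handler and classify the response."""
    return {name: classify_reflection(fn(PROBE)) for name, fn in handlers.items()}

if __name__ == "__main__":
    report = audit({"vulnerable": render_search_vulnerable,
                    "hardened": render_search_hardened})
    for name, verdict in report.items():
        print(f"{name:10s} -> {verdict}")
```

Re-running the same Intruder attack after a fix like the hardened handler should leave the Grep - Match column empty, which makes the setup above usable as a regression check.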
Conclusion: In this blog we learned how to look for the cross-site scripting (XSS) web application vulnerability with XSS Validator, which is an open-source Burp extension. Hope this video was helpful for you. You can use the XSS Validator tool when you are testing against your target.
Thanks for reading. See you in another blog!
Stick with our blog: https://securiumsolutions.com/blog/
Author: Pallab Jyoti Borah | VAPT Analyst