Greetings everyone! Hope all is going well. In today's blog post we will explore one of the most useful Burp Suite extensions for finding XSS. Burp Suite lets you extend and customize its behaviour through extensions (BApps), and the one covered here, XSS Validator, automates the detection and validation of XSS issues in web applications.
What Is XSS Validator?
XSS Validator is a straightforward extension that helps find cross-site scripting, a critical web application issue with many different attack scenarios. It works hand in hand with Burp Intruder: the extension supplies the payload list, passes each Intruder response to a headless browser that actually executes the page, and when a payload fires it writes a grep phrase (a regex value) into the response so that Intruder can flag the hit. A reflected payload alone is not enough; the response is only flagged when the payload executed.
John Poulin (nVisium) developed it as an open-source extension, and it works with both Burp Community and Burp Professional.
How to set up XSS Validator so that a successful XSS is flagged:
The source lives on GitHub at https://github.com/PortSwigger/xss-validator, where you can clone it and load it manually, but the easier route is the BApp Store: in Burp, go to Extender -> BApp Store, find XSS Validator and click Install. Once the install finishes, a new XSS Validator tab appears in Burp.
In the picture above we see the XSS Validator panel. It shows the payload set the extension will generate and the grep phrase (a regex value) that is matched against responses; that phrase only appears in a response if one of the payloads actually executed.
Note: the validation itself is done by the extension's companion server (xss.js, driven by PhantomJS or SlimerJS), which loads each response in a headless browser and reports whether alert, confirm, prompt or console.log fired. Start that server before launching the attack, otherwise no response will ever contain the grep phrase. You can watch its console to see each trigger as it happens. In this post we focus on the Burp side: how to find and validate XSS from Intruder.
Our target is http://testphp.vulnweb.com/search.php?test=query. Send this request to the Intruder section of Burp. Now set the payload position and attack type: open the Positions tab, clear the automatic markers, select the parameter value you want to test (the post uses "hello") and hit the Add button so that it becomes the single injection point.
As the picture above shows, the chosen field is now wrapped in Burp's § markers (rendered as "$$" in the screenshot caption); this is where every XSS Validator payload will be substituted.
Next comes the important part. Navigate to the Payloads tab of Intruder and set the payload type to Extension-generated.
As the picture above shows, this tells Intruder to take its payloads from an extension instead of a wordlist. Under Select generator choose XSS Validator Payloads; Intruder will now cycle through the extension's full XSS payload list.
That completes the payload side of the Intruder setup. Now switch to the XSS Validator tab and copy the Grep Phrase shown there; it is the value the extension writes into a response when a payload executes, and Intruder's Grep - Match option is how we flag the results that contain it.
Back in Intruder, open the Options tab, scroll to the Grep - Match section, clear the default entries and add the copied phrase. Intruder adds a column to the results table that is ticked for every response containing it.
XSS Validator is now fully configured. Hit the Start attack button and watch the results:
Every response that contains our grep phrase gets a tick in the new column. Those rows are the payloads that actually executed in the headless browser, not merely strings that were reflected into the page, so the picture below shows XSS successfully validated with XSS Validator.
As shown above, the payload executes as intended. XSS Validator makes the testing phase much easier during a web application VAPT: you cannot hand-test every URL and parameter, so a tool that both fuzzes and validates is exactly what is needed at that point. Keep in mind that the validation is only as good as the headless browser's coverage; a payload that needs user interaction or a browser-specific quirk may fire in a real browser and still go unflagged, so treat a tick as a strong signal and confirm the hits manually in a browser.
Conclusion: In this post we learned how to look for cross-site scripting in web applications with XSS Validator, an open-source Burp extension. Hope this post was helpful; you can use XSS Validator whenever you are testing a target.
Thanks for reading. See you in another blog!
Stick With Our Blog : https://securiumsolutions.com/blog/
Author
Pallab Jyoti Borah
VAPT Analyst