Search

XSS Validator Extension Find Your XSS Easily

Greeting Everyone! Hope All Going well In Todays Blog Post we will explore One Of the most Burp extensions which helps to Find XSS easily. This Tool Open source burpsuite offers a feature to customize its behavior and to extend the capabilities To perform Successful Results.

XSS Validator, which automates which detection and validation of XSS issues In Web applications.

What Is XSS Validator?

XSS Validator Which is an easy Extension That Helps to Find Critical Security Issue In Web Application Cross-site Scripting Which has Different Attack Scenario. It works perfectly with the burp intruder in order to capture a successful XSS which regex trigger value.

John Poulin developed it in 2017 Which is an open-source extension that also work with the burp community and a professional version.

How to Setting Up Xss validator for Successfully XSS trigger :

To See Navigate to https://github.com/PortSwigger/xss-validator official page Where You can clone, But We have Another Option Navigate to Your Burp -> Extender -> BApp

Install Now do install After It will successfully install

In the above picture, we see the Panel for XSS Validator which is a different xss payload set and some grep regex value which will Trigger Based on regex If our xss successfully executed .

Note: we can use the server to see the Response of the trigger of our XSS. But we will explore How to Find XSS using the XSS validator.

Now, as Our target, we have http://testphp.vulnweb.com/search.php?test=query Now send this request to the intruder section of your Burp And Time to set the payload position and the attack type, navigate right to the Positions tab, select and hit the add button to set “hello” as the injection point.

As above Picture, we choose Field To run Our XSS hunter As we Add it $$ .

Now We need to configure the Important part Now Navigate to the Payload Section from Your Intruder. And we need to first set the payload type to Extension-generated.

As above picture we set Payload Section Now This will Include all XSS payloads From the XSS validator tool. And we have to Set Select generator  -> XSS Validator payload.

As above Picture, we se Till we have done how to set the XSS validator extension from Burp Now We have to move XSS Validator Panel And We will see Grep Match in the Options tab in order to flag the result that encounters a successful XSS.

As above now copy the Regex value and again move to the intruder section Go to the Options phase and add the grep value to grep -match section.

Now we have successfully setup the XSS validator For validating XSS Now Fire Attack  button as the Result:

Now It matching our grep Regex value and Our Trigger XSS with Actual result As below picture We see Successfully Validate XSS using XSS validator.

As above see  the payload is executing as we desire . XSS Hunter Will make Your Testing phase More easy If You doing Web application VAPT We can’t Serve and test All specific Url So At that point we need  such type of tool.

Conclusion: In this Blog we Learn How To Look for XSS Cross site scripting Web Application Vulnerability through XSS validator Which is Open source Burp Extension . Hope this video helpful for You You can utilize XSS Validator Tool when your Doing Testing against Your target .

Thanks For Reading……. See You In Another Blog!

Stick With Our Blog : https://securiumsolutions.com/blog/

Author

Pallab Jyoti Borah

VAPT Analyst

Book A Free Demo Class

    Social Media
    Facebook
    Twitter
    WhatsApp
    LinkedIn