XSS Automated Testing Tool (2021)

In this article we cover XSS automated testing tools. Our earlier articles on cross-site scripting attacks showed techniques that you have to carry out manually.

Doing everything manually becomes difficult, so this article introduces some XSS automated testing tools that can be used for bug hunting.

We cover XSS automated testing with both Burp Suite and Kali Linux. The article is a bit long, but if you read it carefully it can be very useful.

We do not cover the theory of cross-site scripting here because our earlier articles already did; if you have not read them, you can read them as well.

Note: This article is for educational purposes only. Don't misuse your knowledge and skills.


XSS Automated Testing Tool in Burp Suite

Here we describe three methods of automated XSS testing in Burp Suite. One of them, using Intruder, was covered earlier in our article about subdomain enumeration and subdomain bruteforce; read it if you have not already.

Useful Links for You

https://xss-game.appspot.com/level1

https://github.com/payloadbox/xss-payload-list

XSS validator

Just as we showed subdomain bruteforce in the article on subdomain enumeration and subdomain bruteforce, you can run cross-site scripting payloads through the same kind of automated method.

https://github.com/PortSwigger/xss-validator

The first XSS automated testing tool is the XSS Validator extension. As you can see in the image, you first have to install this extension.


Next, capture a request on your target website by performing an ordinary search for anything. Here we used a website created for testing purposes.


Then turn on intercept and capture the request, as you can see in the image. You do the same thing when you look for XSS on a live website.


Then send this request to Intruder and mark the position where you are looking for XSS with the dollar markers, as you can see in the image and as described earlier.


Then select XSS Validator in the payloads options. If you prefer, you can also supply payloads directly here and start the attack, as we did for subdomain bruteforce.

The more methods you know for carrying out a single attack, the more it helps you, so we describe this XSS automated testing tool here as well.


Then uncheck payload encoding, as you can see in the image. Follow all the steps exactly; only then will the tool work correctly.


Then configure the grep match setting so that it corresponds to the value you get in XSS Validator. If you miss a single step, you may get an error.

Then check the option in grep payloads as shown, keeping the setting the same as described here. After that, you can click start attack.

As you can see in the image, every payload that is reflected once the attack starts is shown in the results. You may be wondering how the payloads appeared automatically when we never supplied any.


All these payloads come with XSS Validator. You can also use more payloads; a list of payloads is provided here, and you can use as many of them as you want.
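The grep match step above flags responses in which the submitted string comes back unchanged. The following added example (not from the original article or from the XSS Validator project) runs that check offline in Python against two constructed page renderers, one that writes input unencoded and one that HTML-encodes it; the probe string and all function names are assumptions made for the illustration.

```python
import html

# Constructed, harmless probe: a unique marker followed by the characters
# that output encoding must neutralise. Not a payload from any tool.
MARKER = "zq7probe"
SPECIALS = "<\"'>"
PROBE = MARKER + SPECIALS


def render_unsafe(query: str) -> str:
    """Constructed 'before' page: writes user input into HTML unencoded."""
    return f"<html><body><p>Results for {query}</p></body></html>"


def render_safe(query: str) -> str:
    """Constructed 'after' page: HTML-encodes the value before output."""
    return f"<html><body><p>Results for {html.escape(query, quote=True)}</p></body></html>"


def classify_reflection(body: str) -> str:
    """Say how a response body reflects PROBE.

    raw     - probe came back byte-for-byte: output encoding is missing
    encoded - special characters came back as HTML entities: encoding works
    partial - marker came back but the special characters were changed some
              other way (stripped, or a different entity form); review by hand
    absent  - marker is not in the response at all
    """
    if PROBE in body:
        return "raw"
    if MARKER + html.escape(SPECIALS, quote=True) in body:
        return "encoded"
    if MARKER in body:
        return "partial"
    return "absent"


def audit(renderers: dict) -> dict:
    """Run the probe through each renderer and classify the result."""
    return {name: classify_reflection(fn(PROBE)) for name, fn in renderers.items()}


if __name__ == "__main__":
    pages = {"unsafe": render_unsafe, "safe": render_safe}
    for name, verdict in audit(pages).items():
        print(f"{name}: {verdict}")
```

A "raw" verdict is the condition the grep match column highlights; "encoded" is what a page with correct output encoding returns for the same request.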

Sentinel

Another XSS automated testing tool you can use is Sentinel. One thing to note is that it uses only its default payloads. https://github.com/PortSwigger/sentinel


It can still be very useful if you use it properly. First, install this extension as we did before.


Then add your target to the scope, as you can see in the image. By filtering, you can also show only the URLs that were added to scope, using the filter options above.


Then go to the match and replace option, as you can see in the image. The rule means that wherever Burp Suite finds freelearningtech, it automatically replaces it with the payload.

You can then see this by capturing a request. In our case we used freelearningtech; in your case it can be anything, such as cross site scripting, xss, or any word you choose.

As you can see in the image, as soon as the request is captured, Burp Suite automatically replaces freelearningtech with the payload. This is one way to work with Sentinel: whenever you search for freelearningtech on any website, it is automatically replaced with the payload.

We captured the request again, this time searching for bughunting. Had we written freelearningtech, Burp Suite would have replaced it with the payload, so we used bughunting here.

Then right-click the request and send it to Sentinel. As you can see in the image, the request is shown in Sentinel; click send.

Then tick the checkbox and click go. You will see the attack start, as in the image; this tool automatically uses its payloads on the target website.

XSS automated testing tool in Kali Linux

Now for an XSS automated testing tool in Kali Linux. We describe one tool here; there are more such XSS automated testing tools that you can use.

The tool is named XSStrike and you can find it on GitHub. It is very easy to use.

You can install this tool by downloading it in this way, and then check the tool's help.

Then set the target in this way. Here we used only a website created for testing purposes; this website gives you tasks that you can complete.

If you run into any error while passing the levels of this website, tell us in a comment, and we will write an article on how to complete all the tasks.

As you can see in the image, the XSS payload found through XSStrike works correctly. If you want, you can also use your list of XSS payloads here, which is being provided to you.


The Conclusion

I hope that you now understand XSS automated testing tools. We covered XSS automated testing with Burp Suite as well as an XSS automated testing tool in Kali Linux.

One more thing: the website that we used here has different levels, and it gives you hints too. If you still have problems completing a level, tell us in the comment section.

If you use the methods described here correctly, these XSS automated testing tools can be very useful, so do try them for bug hunting.

Before reading this article, you should read our earlier articles, which explain a lot about cross-site scripting. If you have any questions, you can ask in the comments.
