How To Use XSStrike?
Installation
XSStrike is a Python script, so you don't need to install it; it will run on any platform that has Python 2.7 and all required modules installed.
You can download XSStrike from its GitHub repo.
Using XSStrike
This is the user interface of XSStrike
Now let's start by entering a URL with parameters. For example:
target.com/search.php?q=d3v&type=search
Do you see the highlighted word "d3v"? It tells XSStrike that this is the parameter I want to focus on. Don't worry if you want to test all the parameters, because Striker will handle that. XSStrike supports both GET and POST methods.
For now, let's supply a URL which uses the GET method.
You will see a menu like this after you enter the target.
So what's up with these weird names? Let's start with the first line, which says [+] WAF Status : Offline
Well, it's a feature of XSStrike: it checks if there's a WAF active on the target. It also has the ability to detect WAF
MAIN FEATURES
Fuzzer
Fuzzer checks where and how many times the input is reflected. It automatically detects the context in which the input is reflected, then tries to break out of those contexts one by one and suggests payloads if successful.
Striker
Striker simply brute-forces XSS payloads into all the parameters one by one. Requests are delayed automatically if a WAF is active. All the payloads are carefully crafted by me for breaking common contexts and bypassing filters and WAFs.
Spider
Striker finds all the links present on the homepage of the target. After that, it finds all the HTML forms in those pages and checks if they are vulnerable to XSS.
Ninja
Ninja can be used to check what is allowed or blocked by the filter/WAF. In other words, it reverse engineers the rules of the filter/WAF. It also measures the strength of the filter and suggests payloads on the basis of the filter's rules. It gives a beautiful table as the output.
Hulk
It has a list of polyglots and solid payloads; it enters them one by one in the target parameter and opens the resulting URL in a browser window.
Using POST method
Testing a target which uses POST method is a piece of cake. Just enter the URL and POST data, as simple as that.