Xss.md (+34 -1)
@@ -1,4 +1,4 @@
-
# Methods
+
# Reflected Xss Methods
Many methods out in wild but here are few most common , but not limited.
### 1. Using Burp
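Review bot: the renamed heading `# Reflected Xss Methods` leaves the file without a document title even though the same change adds `# Stored Xss Methods` and `# Blind Xss` as sibling H1 sections in Xss.md; add a top-level title (the file name suggests `# XSS`) and use the standard capitalization `XSS` throughout. The unchanged context line `Many methods out in wild but here are few most common , but not limited.` could be tidied in this change as well, e.g. `Many methods exist in the wild; these are a few of the most common, but the list is not exhaustive.`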
@@ -12,3 +12,36 @@ Many methods out in wild but here are few most common , but not limited.
2. Filter the parameters using `grep "="` or gf patterns and store it in a new file.
3. Now run [kxss](https://github.com/tomnomnom/hacks/tree/master/kxss) or [bxss](https://github.com/ethicalhackingplayground/bxss/) on that new file.
4. Check Reflected Param Manually or use some tool like [dalfox](https://github.com/hahwul/dalfox)
+
+
### 3. Using Google Dorks
+
1. Using Google Dork `site:target.com` filter the result
+
2. Now search for links which have params by adding more dorks something like `site:target.com inurl:".php?"` or `site:target.com filetype:php` etc
+
you can find some dorks at this link [https://www.openbugbounty.org/blog/devl00p/top-100-xss-dorks/](https://www.openbugbounty.org/blog/devl00p/top-100-xss-dorks/) or google it out.
+
3. Check if the param value is getting reflected in html source code
+
4. Try Xss payload there or pass it to some tool
+
+
### 4. Find Hidden Variables In Source Code.
+
1. Check Javascript file or html Source file for hidden or unused variables
+
2. You can Manually Check Right Click View Page Source and search for `var=` , `=""` , `=''`.
+
3. Now Append that to webpage urls. For example `https://example.com?hiddenvariablename=xss`.
+
+
### 4. Other Methods
+
1. Use Methods 1 or 2 to Gather the urls
+
2. Enumerate the Firewall using [https://github.com/Ekultek/WhatWaf](https://github.com/Ekultek/WhatWaf) or other similar tool.
+
3. Find WAF bypass payload on twitter by searching or in this Github Repo [https://github.com/0xInfection/Awesome-WAF](https://github.com/0xInfection/Awesome-WAF)
+
4. Also Use [Arjun](https://github.com/s0md3v/Arjun) to find hidden params.
+
+
# Stored Xss Methods
+
Stored Xss are mostly found manually
+
1. Enumerate the Firewall using above Methods and select a payload to test accordingly.
+
2. Try that selected WAF bypass payload while registering on a site in fields like username, name, address, email, etc.
+
3. Try Payload in File name of profile picture.
+
4. Try in Comment section anywhere on target site.
+
5. Try on every input fields which get reflected in page and which can be seen by other users.
+
+
# Blind Xss
+
Similar to Reflected Xss Or Stored Xss But you Dont get any reflection, but you get response on you server.
+
+
1. Similar methods As given above except try putting payload which can give a callback on your server when executed.
+
2. You can Used [https://xsshunter.com/](https://xsshunter.com/) or Use burpcollaborator or ngrok.
+
3. Try it on contact forms or similar functionality.
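Review bot: the Blind XSS step `2. You can Used https://xsshunter.com/ or Use burpcollaborator or ngrok.` omits the check that makes blind testing usable: every injection point needs its own distinguishable callback (a unique path, subdomain or Collaborator payload per field), otherwise a callback that fires later from a back-office page cannot be traced to the contact form or profile field that carried it; suggest stating that in step 2 and fixing the typo `You can Used` to `You can use`. Two smaller points in the same hunk: `### 4. Find Hidden Variables In Source Code.` and `### 4. Other Methods` are both numbered 4, and `4. Also Use Arjun to find hidden params.` under Other Methods belongs with the Find Hidden Variables section it duplicates. In the stored XSS steps, `1. Enumerate the Firewall using above Methods and select a payload to test accordingly.` chooses a payload before the rendering context is known; the payload also has to match where the stored value is rendered for other users (HTML body, attribute value or JavaScript string), which step 5 (`Try on every input fields which get reflected in page ...`) is the natural place to say.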