| |
| |
| Detecting and Exploiting XSS Injections using XSSer Tool |
| Author:
Manjunath aka Punter |
| |
| |
| |
| |
|
|
| |
| |
| |
|
|
|
| |
| |
|
|
|
XSSer [Reference 1] is an open source penetration
testing tool that automates the process of detecting and exploiting
XSS injections in any website.
In this
introductory article I will show you how easy to use the XSSer for
Detection and Exploitation of XSS in a vulnerable website. |
|
| |
| |
| |
|
Here we will experiment this tool on following
test vulnerable website,
http://testasp.vulnweb.com/
Below are simple steps on using XSSer.
|
| |
root@punter:/pentest/web# $ svn co
https://xsser.svn.sourceforge.net/svnroot/xsser xsser
root@punter:/pentest/web# cd xsser
root@punter:/pentest/web/xsser# python
XSSer.py -u 'http://testasp.vulnweb.com' -g 'Search.asp?tfSearch='
-proxy
'http://127.0.0.1:8118? -referer '666.666.666.666? -user-agent 'correct
audit' -Fuzz -s
|
| |
| |
| |
| |
| After you execute above sequence of commands you can see the results
as shown in the sequence of screenshots below. |
| |
| Screenshot 1: Testing the vulnerable website
for XSS Injections using XSSer |
| |
 |
| |
| |
| Screenshot 2: Testing the vulnerable website
for XSS Injections using XSSer [Continued] |
| |
 |
| |
| |
| Screenshot 3: Final results of XSS Detection
operation. You can see that XSSer has already found couple of XSS flaws
in our test website. |
| |
 |
| |
| |
| |
| |
In the above screenshot, the text marked in blue indicates attack
vector which can trigger XSS Injections on this website.
Now we can go ahead and manually verfy these injections and it does not
take long.
Below is the screenshot showing successful
exploitation of detected XSS Injection. |
| |
 |
| |
|
|
| |
|
|
| This article shows how easy to use XSSer tool to
detect those hidden XSS flaws in any website using very simple steps.
You can rest your brain for the time being while XSSer does all the job
for you. |
| |
| |
| |
|
|
|
| |
| |
| |
|
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
