Automating XSS identification with Dalfox & ParamSpider

InfoSec Write-ups – Medium

Cross-Site Scripting (XSS) allows an attacker to inject malicious JavaScript into a web application through some parameter, and it can be escalated further to attacks such as cookie stealing and session hijacking.

Types of XSS:

  • Reflected XSS
  • Stored XSS
  • DOM Based XSS
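Added example (not from the write-up): a reflected-XSS sink in a constructed search handler beside its output-encoded fix, plus the check a defender can keep in the app's own test suite to confirm no query parameter is reflected unencoded. The handler names, the sample URL and the probe marker are all constructed for this illustration.

```python
import html
from urllib.parse import parse_qsl, urlsplit

# Constructed handlers standing in for a web app's page-rendering code.
def render_search_vulnerable(params: dict) -> str:
    """Reflected XSS sink: the 'q' value is concatenated into HTML as-is."""
    return f"<h1>Search</h1><p>Results for: {params.get('q', '')}</p>"

def render_search_fixed(params: dict) -> str:
    """Same page with output encoding appropriate for HTML text content."""
    safe = html.escape(params.get('q', ''), quote=True)
    return f"<h1>Search</h1><p>Results for: {safe}</p>"

# A harmless, unique marker: if it survives unencoded, the sink reflects raw input.
MARKER = '<zzprobe a="1">'

def unencoded_reflections(render, url: str) -> list:
    """Return the names of query parameters in `url` that `render` reflects verbatim.

    Each parameter is replaced in turn by MARKER (the others keep their values),
    and the rendered HTML is searched for the marker as written. Run against the
    app's own handlers in a test suite, this catches the defect before deployment.
    """
    base = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    hits = []
    for name in base:
        probe = dict(base)
        probe[name] = MARKER
        if MARKER in render(probe):
            hits.append(name)
    return hits

if __name__ == "__main__":
    url = "https://app.example/search?q=shoes&page=2"  # constructed sample URL
    print("vulnerable:", unencoded_reflections(render_search_vulnerable, url))  # ['q']
    print("fixed:     ", unencoded_reflections(render_search_fixed, url))       # []
```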

How it all started

I recently got an invite to a private program on Bugcrowd. I immediately went through the details and found that all subdomains were in scope.

So I went further and started enumerating subdomains with various tools (amass, sublist3r, subfinder, findomain-linux, assetfinder), saving the result from every tool to a txt file. For example:

amass enum -d -o /filepath/subdomains.txt

Then, after collecting a huge list of subdomains, I deduplicated them and ran them through httprobe to keep only the ones answering on HTTP/HTTPS.

sort -u subdomains.txt | httprobe > /filepath/uniq.txt

Now it became very difficult for me to check 50+ subdomains manually by opening each one in a browser.

I decided to use EyeWitness to screenshot every subdomain's response.

eyewitness --web -f uniq.txt -d /path_to_save_screenshots

It took a few minutes, and after that I wrote a simple script to embed those PNG screenshots in an HTML page so that I could view them all directly in my browser.

# Loop over the PNGs directly rather than parsing ls output, and quote the filename in the attribute
for I in *.png; do
  echo "$I" >> index.html
  echo "<img src=\"$I\"><br>" >> index.html
done

After all of this I found one subdomain that I decided to proceed with for my testing.

I used ParamSpider to extract the parameters of that subdomain:

paramspider -d > /filepath/param.txt

After saving the parameters to a file, I automated the testing with dalfox (file mode takes the list of URLs to test):

dalfox file param.txt

and after a few minutes of patience I had 10 XSS executed.

Automating xss identification with Dalfox & Paramspider was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.