Hello everyone!
I hope everyone is doing well.
Automating stuff is always fun, so why not automate XSS hunting?
Prerequisites: XSScrapy
Workflow:
After installing the program mentioned above, choose your target. For testing, use a private bounty program, shown here as https://target.com.
This tool is useful because it needs no list of endpoints or subdomains up front.
Time to run XSScrapy and start finding XSS.
Run XSScrapy with this command:
./xsscrapy.py -u https://target.com
Finally, here are the results; the scanner reports:
payload detected
Now Let's Talk About How You Can Prevent This
A web application firewall (WAF) is the strongest defense an online application has against XSS attacks.
A WAF is an automated solution, built with artificial intelligence and machine learning algorithms, that filters specific web application content to defend against XSS, SQL injection, file inclusion, and security misconfiguration threats.
Every time a user sends a request to the web server, the request first goes to the WAF, which filters it before passing it on to the web server. The same applies in the other direction: when the web server responds to the user, the response first goes to the WAF, where it is filtered before being delivered to the user.
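To make the request-then-response filtering flow concrete, here is an added toy example (my own code, not part of the original post or of any real WAF product): a tiny WAF wrapper sits in front of a reflecting search handler, inspects query parameters against a constructed rule set, and then inspects the response body before it goes back to the user. The rules, URLs and the handler are all assumptions made up for illustration; note that the handler also HTML-escapes what it reflects, which is what catches the input the toy rules miss.

```python
import html
import re
from urllib.parse import parse_qs, urlparse

# Constructed, deliberately small rule set standing in for a WAF's XSS signatures.
XSS_RULES = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),   # inline event handler attributes
    re.compile(r"javascript\s*:", re.I),
]


def waf_inspect(text: str) -> bool:
    """Return True if the text matches any XSS rule."""
    return any(rule.search(text) for rule in XSS_RULES)


def request_is_blocked(url: str) -> bool:
    """Request-side filtering: check every decoded query parameter value."""
    params = parse_qs(urlparse(url).query, keep_blank_values=True)
    return any(waf_inspect(v) for values in params.values() for v in values)


def app_handler(url: str) -> str:
    """Toy origin server (assumed): reflects the 'q' parameter, HTML-escaped."""
    q = parse_qs(urlparse(url).query).get("q", [""])[0]
    return f"<p>You searched for: {html.escape(q)}</p>"


def waf_front(url: str) -> tuple[int, str]:
    """WAF in front of the app: filter the request, then filter the response."""
    if request_is_blocked(url):
        return 403, "Blocked by WAF"          # never reaches the web server
    body = app_handler(url)
    if waf_inspect(body):
        return 500, "Response blocked by WAF"  # server reflected something raw
    return 200, body                           # filtered response reaches the user


if __name__ == "__main__":
    for u in ("https://target.com/search?q=hello",
              "https://target.com/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
              "https://target.com/search?q=%3Cimg%20src%3Dx%3E"):
        print(u, "->", waf_front(u))
```

The third URL shows the layering: the toy rules do not match a bare `<img src=x>`, so the request passes, and it is the handler's output encoding that keeps the reflected value inert.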
Thanks for reading!
Hope this was helpful.
Have fun learning, everyone!