Hello everyone! 😄
I hope everyone is doing well.
Automating stuff is always fun, so why not XSS?
Choose your target after installing the program mentioned above. Use the private bounty program at “https://target.com” for testing.
This tool is beneficial because no endpoints or subdomains are required.
Time to turn on XSScrapy and start finding XSS.
Use this command for XSScrapy:
./xsscrapy.py -u https://target.com
Finally, here are the results.
Now Let’s Talk About How You Can Prevent This
A Web Application Firewall (WAF) is the most excellent defense for a web application against any XSS attack.
A WAF is an automated solution, created using artificial intelligence and machine learning algorithms, that filters particular web application content to defend against XSS, SQL Injection, File Inclusion, and Security Misconfiguration threats.
Every time a user sends a request to the web server, the request first travels to the WAF, which filters it and then delivers it to the web server. The same applies in the other direction: when the web server responds to a user, the response first goes to the WAF, where it is filtered before being sent to the user.
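The request and response flow described above, as an added example that is not part of the original post or of any WAF product: a small WSGI middleware sitting in front of a backend that reflects input. The names MiniWaf, demo_app and send are hypothetical, and the rule pattern and policy value are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed, deliberately small rule (assumption); production rule sets are far larger.
SUSPICIOUS = re.compile(r"<\s*script|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)
CSP = "default-src 'self'; script-src 'self'"  # constructed policy value

class MiniWaf:
    """Hypothetical WSGI middleware: filter the request, then the response."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Request leg: parse_qsl URL-decodes, so %3Cscript%3E is checked as <script>.
        params = parse_qsl(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        if any(SUSPICIOUS.search(k) or SUSPICIOUS.search(v) for k, v in params):
            body = b"Request blocked"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]

        # Response leg: add a Content-Security-Policy if the backend set none.
        def filtered_start(status, headers, exc_info=None):
            if not any(name.lower() == "content-security-policy" for name, _ in headers):
                headers = list(headers) + [("Content-Security-Policy", CSP)]
            return start_response(status, headers, exc_info)
        return self.app(environ, filtered_start)

def demo_app(environ, start_response):
    # Constructed backend that reflects ?q= without encoding (the flaw a scanner reports).
    q = dict(parse_qsl(environ.get("QUERY_STRING", ""))).get("q", "")
    start_response("200 OK", [("Content-Type", "text/html")])
    return [f"<p>Results for {q}</p>".encode()]

def send(app, query):
    """Drive one GET through the WSGI stack; return (status, headers, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"REQUEST_METHOD": "GET", "QUERY_STRING": query}, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    waf = MiniWaf(demo_app)
    print(send(waf, "q=shoes")[0])
    print(send(waf, "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E")[0])
```

The rule here only inspects query-string names and values, so the reflecting backend stays vulnerable through any input the rules do not cover; encoding output in the application itself is what removes the flaw.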
Thanks for reading!
Hope this was helpful.
Have fun learning, everyone!