This tool really helpful and time saving. it’s just give us a hint of weakness points in the CSP So that we can move forward to focus of this weakness to get an xss. ppl really dont even wanna read about the tool to understand what’s the tool purpose and what’s doing for us to use it correctly.
I was testing a web app and I injected a simple XSS alert(); but after reading the source, i noticed that the dangerous character were swapped with HTML escape character, for example "
Generally they are considered to be safe! However there are certain scenarios where we can still get xss if the mitigation is weak or if it the value is reflecting in some interesting areas( like within a js code etc)
Hey you did not specify the "title" parameter, how did the tool show that parameter is vulnerable without you specifying the parameter in the syntax? did it check other parameters that are there in the url already or am i missing something?
Normally people already know what is xss-dom-reflected...etc...Please next time go straight to the point/pentest to the live target. Thanks for the video,keep it up
@@BePracticalTech you are created you own server and add the path where you setup the T.txt file . Instead we also do like same thing in blind xss payload also . Like
He want to say like he gives his blind xss payload and then check for xss but it doesn't make any sense he can try manually also for blind xss @@BePracticalTech
@@Max-mz3is As I have mentioned in the video, this tool is not your typical xss automation tool. It is more like fuzzing the xss payload's components like tags, events etc However, if you want to automate xss with this tool then you can use the xss payloads file and it will work without any issues. I would suggest you to watch the whole video and understand how to use this tool
xssFuzz: github.com/Asperis-Security/xssFuzz/
I love the way you teach and also use real website for it ❤
This tool really helpful and time saving. it’s just give us a hint of weakness points in the CSP So that we can move forward to focus of this weakness to get an xss. ppl really dont even wanna read about the tool to understand what’s the tool purpose and what’s doing for us to use it correctly.
Amazing! I really enjoyed the whole video and took notes. I will be using this tool soon. Keep doing the great work :)
Really glad that you liked the video, Thanks for the support!!
finally found a video where the youtuber is not saying to test out random payloads
Very good" More videos on xss stored.
Great! 👍 Got to learn new technique
I am glad!
Form your video I learn new thing osm
Glad to hear that
I was testing a web app and I injected a simple XSS alert(); but after reading the source, i noticed that the dangerous character were swapped with HTML escape character, for example "
Generally they are considered to be safe! However there are certain scenarios where we can still get xss if the mitigation is weak or if it the value is reflecting in some interesting areas( like within a js code etc)
This is like generation base fuzzing. But its not enough to break sanitizer waf. You can add more mutation strategies.
We'll release more new features in the upcoming versions
nice video... thank you very much
great content
Hey you did not specify the "title" parameter, how did the tool show that parameter is vulnerable without you specifying the parameter in the syntax? did it check other parameters that are there in the url already or am i missing something?
Exactly, it will check all the parameters and then start testing the one which is not handling the dangerous chars properly
can you give me that index code that you have used to execute xss
Make a video on dom base xss please
can u rcm me the book or course tutorial for ctf web exploit
is it possible to test multiple urls at a time, kindly suggest
@@musabsk I believe Asperis Security will release this feature in the next version!
It accept payload like: ">alert(1) ???
Yes
Normally people already know what is xss-dom-reflected...etc...Please next time go straight to the point/pentest to the live target. Thanks for the video,keep it up
Should we do it by giving blind xss payload also
Please elaborate
@@BePracticalTech you are created you own server and add the path where you setup the T.txt file . Instead we also do like same thing in blind xss payload also . Like
He want to say like he gives his blind xss payload and then check for xss but it doesn't make any sense he can try manually also for blind xss @@BePracticalTech
❤❤❤❤ love u bhai
Sir which vps u r using?
Contabo
First 🥇
give you xss payloads
@@lakshaygamerlt4032 There are cusom payloads already present in the tool
this tool doesn't work and not reliable at all try to run it against testphp it doesn't come up with basic xss such crap
@@Max-mz3is As I have mentioned in the video, this tool is not your typical xss automation tool. It is more like fuzzing the xss payload's components like tags, events etc
However, if you want to automate xss with this tool then you can use the xss payloads file and it will work without any issues.
I would suggest you to watch the whole video and understand how to use this tool