# 4.5 Identifying & Exploiting XSS with XSSer

{% embed url="https://github.com/epsylon/xsser" %}

{% embed url="https://www.kali.org/tools/xsser/" %}

Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

It provides several options to try to bypass certain filters and various special techniques for code injection.

XSSer ships with more than 1300 XSS attack vectors and includes bypass and exploit vectors for several browsers and WAFs.

## Lab

XSS Reflected - DNS Lookup -> <https://localhost/mutillidae/index.php?page=dns-lookup.php>

<figure><img src="https://1357648772-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FesKkkNq5JVqzRLKWf4Ug%2Fuploads%2FhCfBJ9XowUjE9Hv3Iwi1%2Fimage.png?alt=media&#x26;token=0382bf8e-38aa-42f3-a585-4feaef047709" alt=""><figcaption></figcaption></figure>

Trying to insert and execute a standard payload, `<script>alert("XSS")</script>`, I can't type the whole string because the input length is limited; in addition, I receive this error just by writing a `<script>` tag:

<figure><img src="https://1357648772-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FesKkkNq5JVqzRLKWf4Ug%2Fuploads%2Fw7aMyhINjx9Czrhf4W9U%2Fimage.png?alt=media&#x26;token=0367f968-ab5e-4a40-a8c8-4f0bfe12852d" alt=""><figcaption></figcaption></figure>

Then, capturing the request with Burp Suite, we can prepare a payload to hand to xsser.

<figure><img src="https://1357648772-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FesKkkNq5JVqzRLKWf4Ug%2Fuploads%2FLkuT3q1U40P3QfYlrSDl%2Fimage.png?alt=media&#x26;token=7458c6f1-e630-48c8-a167-e4757a521b1c" alt=""><figcaption></figcaption></figure>

The type of command that we need is `xsser --url "http://website.com" -p "payload"`, where the payload is the request body we want to test, with the `target_host` value replaced by `XSS` (the marker that XSSer substitutes with its vectors) instead of the example host:

```bash
xsser --url "https://localhost/mutillidae/index.php?page=dns-lookup.php" -p "target_host=XSS&dns-lookup-php-submit-button=Lookup+DNS"
```

<figure><img src="https://1357648772-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FesKkkNq5JVqzRLKWf4Ug%2Fuploads%2Fa69SZmGI9OTT0oXS7fyu%2Fimage.png?alt=media&#x26;token=bdca3e6f-6670-4278-99dd-338715e43da9" alt=""><figcaption></figcaption></figure>
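To make the marker mechanism concrete, here is an added Python example (not part of the original notes or of XSSer's code) that does the simplest thing a scanner does with that `-p` string: replace the `XSS` marker with a probe, submit the body, and check whether the probe comes back raw or HTML-encoded. The two page functions are constructed stand-ins for the Mutillidae `dns-lookup.php` behaviour, one echoing the host unescaped and one applying `htmlspecialchars`-style output encoding; the probe value is also constructed.

```python
import html
from urllib.parse import parse_qs, quote

PLACEHOLDER = "XSS"           # same marker xsser expects inside the -p payload string
PROBE = 'x"<probe1337>'       # constructed probe: HTML-significant chars plus a unique token


def vulnerable_page(body: str) -> str:
    """Constructed stand-in for dns-lookup.php: echoes target_host into the HTML unescaped."""
    host = parse_qs(body).get("target_host", [""])[0]
    return f"<p>Results for hostname: {host}</p>"


def hardened_page(body: str) -> str:
    """Same page with context-appropriate output encoding for an HTML text node
    (the PHP equivalent is htmlspecialchars($host, ENT_QUOTES))."""
    host = parse_qs(body).get("target_host", [""])[0]
    return f"<p>Results for hostname: {html.escape(host, quote=True)}</p>"


def build_body(template: str, probe: str) -> str:
    """Replace the XSS marker in the captured request body with a percent-encoded probe,
    leaving every other parameter (e.g. the submit button) untouched."""
    if PLACEHOLDER not in template:
        raise ValueError("payload template must contain the XSS marker")
    return template.replace(PLACEHOLDER, quote(probe, safe=""))


def classify(response: str, probe: str) -> str:
    """'reflected-raw'     -> probe appears verbatim: the HTML text context is injectable
       'reflected-encoded' -> probe appears only with <, >, " encoded: output encoding works
       'not-reflected'     -> input is not echoed here (or is echoed in a context this
                              check does not cover, e.g. attribute or JavaScript)."""
    if probe in response:
        return "reflected-raw"
    if html.escape(probe, quote=True) in response:
        return "reflected-encoded"
    return "not-reflected"


def run_check(page, template: str, probe: str = PROBE) -> str:
    """Submit the marker-substituted body to `page` and classify the reflection."""
    return classify(page(build_body(template, probe)), probe)


if __name__ == "__main__":
    # Exactly the -p string used with xsser above.
    template = "target_host=XSS&dns-lookup-php-submit-button=Lookup+DNS"
    print("vulnerable:", run_check(vulnerable_page, template))  # reflected-raw
    print("hardened:  ", run_check(hardened_page, template))    # reflected-encoded
```

The encoded result is only a pass for the HTML text context; a value echoed inside an attribute or a script block needs its own encoding and a probe built for that context.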

#### Active GUI mode

XSSer also has a GUI mode that makes it easier to use, enabled with the `--gtk` flag:

`xsser --gtk`

<figure><img src="https://1357648772-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FesKkkNq5JVqzRLKWf4Ug%2Fuploads%2Fkr72M4DrxzGkMUsNFFlk%2Fimage.png?alt=media&#x26;token=30068001-27e1-4b85-9054-1a34fbe9c8c5" alt=""><figcaption></figcaption></figure>

## Other tools

* [XSSStrike](https://github.com/s0md3v/XSStrike): Very popular but unfortunately not very well maintained
* [Dalfox](https://github.com/hahwul/dalfox): Extensive functionality and extremely fast thanks to the implementation in Go
* [XSpear](https://github.com/hahwul/XSpear): Similar to Dalfox but based on Ruby
* [domdig](https://github.com/fcavallarin/domdig): Headless Chrome XSS Tester
