Femida is automated blind-xss search plugin for Burp Suite.
Installation
Git clone https://github.com/wish-i-was/femida.git
Burp -> Extender -> Add -> find and select blind-xss.py
Also Read – IoT Implant : Toolkit For Implant Attack Of IoT Devices
First of all you need to setup your callback URL in field called “Your url” and press Enter to automatically save it inside config.py file.
After you set it up you need to fill Payloads table with your OOB-XSS vectors, so extension will be able to inject your payloads into outgoing requests.
Pay attantion that you need to set {URL} alias inside your payload, so the extension will be able to get data from “Your url” field and set it directly to your payload.
Behaviours
Femida is Random Driven Extension, so every payload with “1” inside row “Active” will be randomly used during your active or passive scanning. So if you want exclude any payload or parameter/header from testing just change the “Active” value to 0.
Upload
or Add
button.{URL}
parameter in your payloads.Active
row will be manualy equal 1
. (mean it’s active now)Active
row to 0
Add
button or in Target
/Proxy
/Repeater
with right-click.case insensitive
.Active
row to 0
.Extension is able to perform both active and passive checks.
After all is setup you can start using extension. First case is passive checks, so we will cover this process now:
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…