Femida is automated blind-xss search plugin for Burp Suite.
Installation
Git clone https://github.com/wish-i-was/femida.git
Burp -> Extender -> Add -> find and select blind-xss.py
Also Read – IoT Implant : Toolkit For Implant Attack Of IoT Devices
First of all you need to setup your callback URL in field called “Your url” and press Enter to automatically save it inside config.py file.
After you set it up you need to fill Payloads table with your OOB-XSS vectors, so extension will be able to inject your payloads into outgoing requests.
Pay attantion that you need to set {URL} alias inside your payload, so the extension will be able to get data from “Your url” field and set it directly to your payload.
Behaviours
Femida is Random Driven Extension, so every payload with “1” inside row “Active” will be randomly used during your active or passive scanning. So if you want exclude any payload or parameter/header from testing just change the “Active” value to 0.
Upload
or Add
button.{URL}
parameter in your payloads.Active
row will be manualy equal 1
. (mean it’s active now)Active
row to 0
Add
button or in Target
/Proxy
/Repeater
with right-click.case insensitive
.Active
row to 0
.Extension is able to perform both active and passive checks.
After all is setup you can start using extension. First case is passive checks, so we will cover this process now:
ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…
HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…
SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…
Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…
A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…
LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…