Femida is automated blind-xss search plugin for Burp Suite.
Installation
Git clone https://github.com/wish-i-was/femida.git
Burp -> Extender -> Add -> find and select blind-xss.py
Also Read – IoT Implant : Toolkit For Implant Attack Of IoT Devices
First of all you need to setup your callback URL in field called “Your url” and press Enter to automatically save it inside config.py file.
After you set it up you need to fill Payloads table with your OOB-XSS vectors, so extension will be able to inject your payloads into outgoing requests.
Pay attantion that you need to set {URL} alias inside your payload, so the extension will be able to get data from “Your url” field and set it directly to your payload.
Behaviours
Femida is Random Driven Extension, so every payload with “1” inside row “Active” will be randomly used during your active or passive scanning. So if you want exclude any payload or parameter/header from testing just change the “Active” value to 0.
Upload
or Add
button.{URL}
parameter in your payloads.Active
row will be manualy equal 1
. (mean it’s active now)Active
row to 0
Add
button or in Target
/Proxy
/Repeater
with right-click.case insensitive
.Active
row to 0
.Extension is able to perform both active and passive checks.
After all is setup you can start using extension. First case is passive checks, so we will cover this process now:
This repository contains tools created by yogSahare0 while learning Python 3 for ethical hacking and penetration testing.…
"NetSecChallenger" provides a suite of automated tools designed for security professionals and network administrators to…
The essential tool for cybersecurity enthusiasts! This guide provides a detailed walkthrough on how to…
Meet "Poodone," the ultimate Python script designed for cybersecurity enthusiasts and professionals alike. Packed with…
The Linux version is no longer supported! The last Linux version is 6.0 that you…
Jin is a hacking command-line tools designed to make your scan port, gathering urls, check…