A Smart Fuzzer and bruteforcer for XSS 2017 -: python XSStrike.py



    Hello friends, I'm Vishal from TechxByte.In. Today we'll learn about the XSS vulnerability and about A Smart Fuzzer and bruteforcer for XSS, a tool for Kali Linux. So let's get started ...






 INTRODUCTION  --:


        XSS (Cross-Site Scripting) is used to hack websites. A few years ago, even big websites like Facebook and Google fell victim to it.


 This attack happens on websites that accept unsanitized data from users. You can embed a malicious script in a comment box.


   When someone clicks on your link, your link will execute.


With an XSS attack you can steal cookies, session tokens and other important information from the user's browser.
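
The fix for the unsanitized-input problem described above is to encode user data where it is written into the page. This is an added example, not part of the original post or of XSStrike; the function names and the sample comment are constructed for illustration.

```javascript
// Added example: output encoding for a comment box. All names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text leave HTML body or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into the markup unchanged.
function renderCommentUnsafe(author, body) {
  return `<div class="comment" title="${author}"><p>${body}</p></div>`;
}

// Hardened: every user-controlled value is encoded at the point of output.
function renderCommentSafe(author, body) {
  return `<div class="comment" title="${escapeHtml(author)}"><p>${escapeHtml(body)}</p></div>`;
}

// Opening tag names found in a fragment (simple scanner, enough to compare outputs).
function tagNames(html) {
  return [...html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Attribute names on the outer <div>, to show whether input added attributes.
function divAttributes(html) {
  const open = /^<div\s+([^>]*)>/.exec(html);
  return open ? [...open[1].matchAll(/([a-zA-Z-]+)="[^"]*"/g)].map((m) => m[1]) : [];
}

// Constructed sample input: a quote that closes the title attribute, and a
// comment body carrying a script block and a button.
const SAMPLE_AUTHOR = 'Bob" data-injected="1';
const SAMPLE_BODY =
  '<script>function cn(){prompt("Enter your email","");}</script>' +
  '<input type="button" onclick="cn()" value="SIGN UP">';

for (const [label, render] of [['unsafe', renderCommentUnsafe], ['safe', renderCommentSafe]]) {
  const html = render(SAMPLE_AUTHOR, SAMPLE_BODY);
  console.log(label, 'tags:', tagNames(html).join(','), '| div attributes:', divAttributes(html).join(','));
}
```

With encoding applied, the browser receives the comment as text: only the template's own `div` and `p` tags and its `class` and `title` attributes remain.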


FOR EXAMPLE   --:


   SCRIPT IS --:


<script>
function cn(){prompt("Enter Your FACEBOOK EMAIL ID ","");}
</script>
<input type="button" onclick="cn()" value="CLICK HERE TO SIGN UP">



This script will work something like this ..





So let's start today's real tutorial ...






About XSStrike TOOL ( Kali Linux )  --:

   XSStrike is a tool written as a Python script that finds XSS vulnerabilities.

Its features --:


  1. Fuzzes a parameter and builds a suitable payload
  2. Bruteforces parameters with payloads
  3. Has an inbuilt crawler-like functionality
  4. Can reverse engineer the rules of a WAF/Filter
  5. Detects and tries to bypass WAFs
  6. Both GET and POST support
  7. Most of the payloads are hand crafted
  8. Negligible number of false positives
  9. Opens the POC in a browser window


  Installation Process --:

  Step 1 -:  Open a Kali Linux terminal, and if you are new, copy and paste these commands ...

       1 )  cd Desktop
       2 )  git clone https://github.com/UltimateHackers/XSStrike.git
       3 )  ls
       4 )  cd XSStrike
       5 )  ls
       6 )  python xsstrike

 Now the XSStrike tool will start in the terminal ...



 WORKING PROCESS --:

   

STEP 1 --: At "Enter The Target URL", enter any vulnerable link, such as one ending in .php?id=1 or others like it.

STEP 2 --: When "Enter Cookies" appears, enter 2. Options such as Fuzzer, Striker, Ninja and Hulk will then appear, and you can pick whichever one you want.

STEP 3 --: After choosing an option, press Enter and the scan will start. On some sites you will get an injected payload.

STEP 4 --: Copy that payload and put it at the end of the link, like this: Techxbyte.in/(the copied payload here), then press Enter. Keep in mind that an insecure-connection warning will appear; try this in unsafe mode.

STEP 5 --: Now a warning will appear in front of you; that tells you your payload attack was successful.



 After finding an XSS payload --:     Guys, if you find an XSS payload on any website, you can contact that website through their email and tell them about the vulnerability. In return you will get a Hall of Fame mention, a gift or some money.


Note -: This is only a tool. To find payloads you will have to search through a lot of websites, with Google dorks as well. If you have XSS and SQL knowledge, you can easily find websites and find payloads. To learn all this I will suggest one website: Securityidiots, which is a really great website.




Guys, that's all for today. I hope you liked it. See you in the next post. If you liked the post or are facing any problem, tell me in the comments, friends.


                                                                -VISHAL PATIL 

