Exploiting XSS with XSS Validator
While XSS is already detected by various tools such as Burp, Acunetix, and so on, XSS Validator comes in handy: it is a Burp Intruder and Extender plugin designed to automatically validate XSS vulnerabilities (confirming that a reflected payload actually executes in a headless browser rather than merely appearing in the response).
Note
It is based on SpiderLabs' blog post at http://blog.spiderlabs.com/2013/02/server-site-xss-attack-detection-with-modsecurity-and-phantomjs.html.
Getting ready
To use the tool in the following recipe, we will need to have SlimerJS and PhantomJS installed on our machines.
How to do it...
The following steps demonstrate the XSS Validator:
- We open up Burp and switch to the Extender tab:
- We then install the XSS Validator extender:
- Once the installation is done, we will see a new tab in the Burp window titled xssValidator:
- Next, we install PhantomJS and SlimerJS; this can be done on Kali with a few simple commands.
- We download the PhantomJS file from the internet using wget:
sudo wget https://bitbucket.org/ariya/phantomjs/downloads/
...