Detecting and Exploiting XSS injections using XSSer Tool |
Detecting and Exploiting XSS Injections using XSSer Tool
Author: Manjunath aka Punter 
See Also
About XSSer Tool
XSSer [Reference 1] is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections  in any website.

In this introductory article I will show you how easy to use the XSSer for Detection and Exploitation of XSS in a vulnerable website.
In action with XSSer
Here we will experiment this tool on following test vulnerable website,

Below are simple steps on using XSSer.
root@punter:/pentest/web# $ svn co xsser

root@punter:/pentest/web# cd xsser

root@punter:/pentest/web/xsser# python -u '' -g 'Search.asp?tfSearch='
-proxy ' -referer '666.666.666.666? -user-agent 'correct audit' -Fuzz -s
XSSer Action Screenshots
After you execute above sequence of commands you can see the results as shown in the sequence of screenshots below.
Screenshot 1:  Testing the vulnerable website for XSS Injections using XSSer
XSS in action
Screenshot 2:  Testing the vulnerable website for XSS Injections using XSSer [Continued]
XSS in action
Screenshot 3:  Final results of XSS Detection operation. You can see that XSSer has already found couple of XSS flaws in our test website.
XSS in action
Exploitation of XSS Injections
In the above screenshot, the text marked in blue indicates attack vector which can trigger XSS Injections on this website. 

Now we can go ahead and manually verfy these injections and it does not take long. 

Below is the screenshot showing successful exploitation of detected XSS Injection.
XSS in action
This article shows how easy to use XSSer tool to detect those hidden XSS flaws in any website using very simple steps. You can rest your brain for the time being while XSSer does all the job for you.
See Also