1. The environment required for installation
1. PhantomJS
Download: http://phantomjs.org/download.html
After downloading, add the bin directory, which contains the phantomjs executable, to the PATH environment variable
2. xss.js
xss.js is the PhantomJS script that performs the XSS detection. The download address is: https://github.com/nVisium/xssValidator
After the download is complete, put xss.js in the same folder as the phantomjs executable
Use phantomjs to run xss.js:
C:\xss\phantomjs-2.1.1-windows\bin>phantomjs xss.js
3. XSS Validator plug-in installation
In the Extender tab of Burp Suite, open the BApp Store, search for XSS Validator, and install it.
2. Use XSS Validator to automate XSS testing
1. Use Burp Suite to capture the request and send it to Intruder
2. Configure the variables
3. Configure Grep - Match under Options
4. Configure XSS Validator
5. Modify the request parameters and run the automated XSS scan
6. View the individual results (the checked entries are the ones with XSS vulnerabilities)
7. Reproduce in browser
You can see XSS!