xss tool burpXSSVALIDIRTOR (XSS automatically scan)
first step
Installation Environment
Phantomjs Download: http://phantomjs.org/download.html
After downloading the configuration environment variable, this exe in bin directory to environment variable
P plug-in installation
In Extender template burpsuit to find BApp Store, search XSS Validator, to install. As shown below:
Download xss.js
xss.js is phantomJS realization detect xss vulnerability. Download address: https://github.com/nVisium/xssValidator use plug-ins
Use phantomjs run xss.js
C:\xss\phantomjs-2.1.1-windows\bin>phantomjs xss.js
Capture and use the Intruder
Configuration payloads to xssValidator
Configuration options of grep - match
Parameter modification request, and starts the scan xss
View individual results (xss have checked that there are loopholes)
We can see the XSS vulnerability
Remember less is more way of learning is slow fast