What is Blind XSS?
It is a type of stored XSS where attackers input is saved by server and is reflected in a totally different application used by system admin/team member.
Tools you can use for Blind XSS:
Currently I use the web version of XSShunter for finding Blind XSS.There are few other tools which you can use:
- ezXSS(has 2FA, email reports, share reports feature)
- bXSS(Has slack/sms notification feature)
- KNOXSS(has email feature)
- Burp Collaborator
I use the web version of XSShunter as I don’t have patience to setup the tool on my server:) Its free of cost and you can set it up by visiting XSShunterwebsite .Enter all the mandatory fields, in the Custom Subdomain text box you can enter any 2–3 characters.(You are not supposed to enter your website URL here🙂).With that you should be set to use the tool.
So where do you get the payloads from and where do you spray the payloads?
Within XSShunter there is a tab for payloads,You can get all the payloads from there and its better to have a copy of all the payloads locally with you so that you can use/spray it when you need it.
Now moving to questions about where to spray these payloads, this has been discussed on twitter/slack a lot of times.Here are few tips from top BB hunters.