LewisArdern
commented
2 years ago This would also be good to include the ability to capture the URLs where the XSS happened so you can use it for future automated attacks, e.g.
- You use the craft URL where the bXSS hit previously in a known vulnerable component used widely
- You can data-mine parameters that were once vulnerable and use that for future 'this has been vulnerable in the past' or something of that nature.
Currently its just console log, if this was to be effectively used by a blue team, need to configure something such as winston.