d4rckh
commented
3 years ago the tool is just a fuzzer, not an xss scanner, maybe a plugin mechanism so you can make your own add-ons and features?
Open jayateertha043 opened 3 years ago
d4rckh
commented
3 years ago the tool is just a fuzzer, not an xss scanner, maybe a plugin mechanism so you can make your own add-ons and features?
Actually the tool can only detect tag based xss payloads, for detecting attribute based xss, we need to analyse context where they payload is reflected.
May be you can add context analysis if required, to reduce false positives(only for attribute based xss).
This applies only for attribute based xss vulnerability .