Closed walterdolce closed 8 years ago
Hi, I don't know if I understand you but you have some options to inject code on headers.
--headers=HEADERS Extra HTTP headers newline separated
Also, you can set XSA (Cross Site Agent) or XRS (Cross Site Referer) to apply vectors on those parameters of HTTP headers. Is that what you ask?
Hmm. But that would mean I should specify one payload at a time if using the --header parameter, is that correct?
What I ask is basically to have xsser do the usual work it does for a query string parameter but for headers.
You can add some 'keywords' to Headers. For example, when manually injecting you can add 'XSS' to whatever parameter and it will be changed for a unique hash.
Or if you add PAYLOAD, it is changed by the payload set (which is an Alert() message by default) and if you add VECTOR, it is changed by the whole XSS vector.
http://xsser.03c8.net/xsser/url_generation.png
So for example, if you want to inject XSS to: X-Client-IP (HTTP Parameter), you can add it to --headers using the keywords mentioned before...
--headers=..... X-Client-IP:VECTOR
Is that what you ask?
Cool, thanks for pointing that out. I will try and report back later on.
In the meantime, does xsser make use of a payloads database like xenotix?
I would like to run xsser repeatedly against my target with several attack payloads and not just "alert".
XSSer is using some pre-defined vectors, divided by type of XSS attack, that you can find at: "core/fuzzing/"
You can use different combinations for exploiting, not just an "alert" box. With --payload you can build your own discovering code, and with --Fp (Final Payload) or --Fr (Final Remote) you can exploit also your own locally/remotely.
So you shouldn't have any problem meeting your needs...
Hi, is it possible with xsser to automatically send payloads within request headers? One example could be to change the HTTP User-Agent header in a request and send it. The reason I ask is because there are many applications and software packages out there which store such info within their database structure, therefore opening themselves to stored XSS vulnerabilities.
By the look of the parameters which the tool provides I didn't see anything related to this, or am I missing something?
Thanks!
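Added example, not part of the thread and not XSSer code: the stored header case raised in the original question, seen from the application side. A User-Agent value is saved and later rendered in a report page, once unescaped and once escaped at output time. The table name, function names and sample requests are assumptions constructed for illustration.

```python
import html
import sqlite3

# Constructed sample requests: (path, User-Agent header as received)
SAMPLE_REQUESTS = [
    ("/login", "Mozilla/5.0 (X11; Linux x86_64)"),
    ("/login", "<script>alert(1)</script>"),  # markup inside a header value
]

def store_requests(requests):
    """Persist header values the way an analytics or audit feature would."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (path TEXT, user_agent TEXT)")
    # Parameterized insert: stops SQL injection, does nothing about XSS
    db.executemany("INSERT INTO visits VALUES (?, ?)", requests)
    return db

def render_unsafe(db):
    """Vulnerable: the stored header value is concatenated into HTML as-is."""
    rows = db.execute("SELECT path, user_agent FROM visits ORDER BY rowid")
    return "".join(f"<tr><td>{p}</td><td>{ua}</td></tr>" for p, ua in rows)

def render_safe(db):
    """Hardened: every stored value is HTML-escaped when it is output."""
    rows = db.execute("SELECT path, user_agent FROM visits ORDER BY rowid")
    return "".join(
        f"<tr><td>{html.escape(p)}</td><td>{html.escape(ua)}</td></tr>"
        for p, ua in rows
    )

def contains_active_markup(page):
    """Crude check, used here only to compare the two renderers."""
    return "<script" in page.lower()

if __name__ == "__main__":
    db = store_requests(SAMPLE_REQUESTS)
    print("unsafe page has script tag:", contains_active_markup(render_unsafe(db)))
    print("safe page has script tag:  ", contains_active_markup(render_safe(db)))
```

The same output-time escaping applies to any other header an application records, such as Referer or X-Client-IP.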