Closed monoluser closed 5 years ago
Hi @monoluser With the requests that you have sent in the log, I can only see that they are arriving correctly at the server and that it returns a 200-OK, so the network layer is working. Let's ask some questions on the way to solving your issue. Are the GET parameters correctly formed (http://localhost/vulnerabilities/xss_r/?name=)? Did you try using 127.0.0.1? I see that "cookielist: []" in the reply made by the server side is empty. Is that correct? Are you trying to inject into some auth-realm? [..]
Whoa! Thanks for your fast answer.
I don't know whether the parameters are correctly formed, just copied them from #33. What I'm actually looking for is a tool for detecting XSS vulnerabilities in LAN applications, as automatic as possible.
I see @monoluser That user was spelling commands wrongly. Check these replies https://github.com/epsylon/xsser/issues/33#issuecomment-438506196 and https://github.com/epsylon/xsser/issues/33#issuecomment-438506826 to that comment. XSSer works on any TCP/IP network. And you have nice automatic methodologies on it.
I also have the same problem; my command line was:
xsser -u "http://10.10.10.10:8008" -g "/vulnerabilities/xss_r/?name=
I find my Burp listening on 6000; the HTTP request cannot add the payload.
Hi @grayguest Can you try to spell your proxy using '127.0.0.1' instead of 'localhost', like "--proxy http://127.0.0.1:6000"?
mostly related: https://github.com/epsylon/xsser/issues/38
I've set up a DVWA instance (http://www.dvwa.co.uk/) and had xsser find vulnerabilities in it. Unfortunately, nothing is found. Maybe I am doing something wrong? xsser.txt
The command line was: xsser -u "http://localhost/vulnerabilities/xss_r/" -g "?name=XSS" --cookie="PHPSESSID=14ksro241tdlv03j0poamv7e3m; security=low" --auto --no-head -v