epsylon / xsser

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
https://xsser.03c8.net

Reverse Check still problematic #57

Status: Closed (geople closed 4 years ago)

geople commented 4 years ago

I tried to check after the latest update:

python3 xsser --auto -u "http://testphp.vulnweb.com/search.php?test=query" -p "searchFor=XSS&goButton=go" --reverse-check

In the meantime, I am doing tcpdump on port 19084, and I am not able to capture any packet. Is this normal?

I have also tried:

python3 xsser --auto -u "https://www.starbucks.com/store-locator?map=38.947636,-94.683637,11z&place=XSS" --reverse-check

There are fewer results now, but no packets received.

epsylon commented 4 years ago

Hey @geople... Are you trying to report something, or just telling things here that you believe... until something is (or is not) a success with your intentions?

Firstly, to report seriously, please try to fill in this form: https://github.com/epsylon/xsser/blob/master/.github/ISSUE_TEMPLATE/bug_report.md

Secondly, do you know how network sniffing (even just localhost sniffing) works, really? I mean, if it isn't vulnerable, this "back-socket" will not be open, so... obviously, no traffic will be reported. But, on the other hand, if it is vulnerable, you will see how, after discovering it, XSSer will send a second query with a new payload, this time establishing a reverse connection to a client/server open port: https://github.com/epsylon/xsser/blob/master/core/tokenhub.py , https://github.com/epsylon/xsser/blob/master/core/main.py#L1466

Please, it is very difficult for me to understand these things that you "believe" are happening on your boxes. Mostly when you have virtual environments and a lack of reading of the manuals about how they really work...
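The behaviour described in the reply above, as an added Python example that is not part of the thread and is not XSSer's own code: a loopback listener waits for a callback and reports whether one arrived, which is why a capture on the listener port stays empty when nothing connects back. The token format, the function names and the simulated client are assumptions made for illustration.

```python
import secrets
import socket
import threading


def open_listener(port=0, host="127.0.0.1"):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))  # port 0: OS picks a free port (the thread uses 19084)
    srv.listen(1)
    return srv


def wait_for_callback(srv, expected_token, timeout=1.0):
    """Classify one wait window: 'confirmed', 'mismatch' or 'no-callback'."""
    srv.settimeout(timeout)
    try:
        conn, _addr = srv.accept()
    except socket.timeout:
        return "no-callback"  # nothing connected back, so nothing to sniff
    with conn:
        conn.settimeout(timeout)
        try:
            data = conn.recv(256).strip()
        except socket.timeout:
            data = b""  # connected but sent nothing
    ok = secrets.compare_digest(data, expected_token.encode("ascii"))
    return "confirmed" if ok else "mismatch"


def run_check(scenario, timeout=1.0):
    """Constructed scenarios: 'no-reflection', 'reflection', 'stray-connection'."""
    expected = secrets.token_hex(8)  # per-run token (hypothetical format)
    srv = open_listener()
    port = srv.getsockname()[1]
    def client(token):  # stands in for the injected payload calling back
        with socket.create_connection(("127.0.0.1", port), timeout=1.0) as c:
            c.sendall(token.encode("ascii"))
    try:
        if scenario != "no-reflection":
            token = expected if scenario == "reflection" else "unrelated"
            threading.Thread(target=client, args=(token,), daemon=True).start()
        return wait_for_callback(srv, expected, timeout)
    finally:
        srv.close()


if __name__ == "__main__":
    for name in ("no-reflection", "reflection", "stray-connection"):
        print(name, "->", run_check(name))
```

The "stray-connection" case shows why a per-run token matters: a connection to the port alone does not confirm the finding.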