Xsser calls not found on every parameter

epsylon / xsser

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

https://xsser.03c8.net

1.11k stars 235 forks source link

Xsser calls not found on every parameter #84

Closed sasoriakasuna closed 7 months ago

sasoriakasuna commented 7 months ago

I have this application:

http://localhost:9080/foo/index.jsp

I checked the post method through burp suite.

imagen

So my post method is :foo/login

When i run xsser the app allways send 404:

imagen

this is my command

docker run -it --rm --name xsser xsser -u "http://localhost:9080/foo/login" -p "uuu=XSS&ppp=XSS"

Im am doing it wrong? i already tested the xsser dockerized on oswap and somekind pentesting labs and works like a charm, but right now im lost.

Thanks for your time in advice

epsylon commented 7 months ago

@sasoriakasuna it looks something related with "localhost" connection and your docker container.

When i run xsser the app allways send 404:

You can check that packages are reaching your target with: --head

Also you should increase verbosing to see the requests in a similar way than the Burp image that you have attached:

--verbose

And/or try it with: --ignore-proxy

ex: docker run -it --rm --name xsser xsser -u "http://localhost:9080/foo/login" -p "uuu=XSS&ppp=XSS" --ignore-proxy --verbose

sasoriakasuna commented 7 months ago

Sadly thats not the problem, for some reason the not found error stills there i really tried anything, theres is a configuration that im missing or something?

if i curl into the docker kali linux image im getting a response, but for some reason xsser dont