Working with XSS-Loader Tool on Kali Linux OS
Example 1: BASIC PAYLOAD
Select Option 1 -> BASIC PAYLOAD
In this example, we generate a basic XSS payload.
Select Option 20 -> MUTATION PAYLOAD
The tool has generated the mutation payload.
Example 2: ENTER YOUR PAYLOAD
Select Option 6 -> ENTER YOUR PAYLOAD
In this example, we specify our own custom payload.
We have given our custom payload to the tool as input.
Select Option 1 -> UPPER CASE
We are changing our payload from lower case to upper case.
Our custom payload has been changed from lower case to upper case.
Example 3: XSS SCANNER
Select Option 7 -> XSS SCANNER
In this example, we test the target domain for an XSS security flaw.
Target URL -> http://testphp.vulnweb.com/search.php?test=query
We have specified the URL of the target domain.
Select Option 1 -> BASIC PAYLOAD LIST
We are using the basic payload list, which will be tested against the target domain.
The testing process has started.
Example 4: XSS DORK FINDER
Select Option 8 -> XSS DORK FINDER
In this example, we use the XSS Dork Finder for advanced search.
XSS-Loader – XSS Scanner and Payload Generator
Cross-Site Scripting (XSS) is a flaw listed in the OWASP Top 10 vulnerabilities. In this security flaw, the attacker crafts a malicious JavaScript payload intended to steal the victim's cookies or to perform an account takeover. Sometimes this flaw can also create a severe problem on the back end of the web application. The malicious code is passed through user inputs, parameters, uploaded files, and similar channels. If that information is handled properly before it is sent to the web server, the application can be protected from an XSS attack.
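What "handled properly" looks like for a reflected search parameter, as an added example that is not part of the original article or of XSS-Loader: it compares raw reflection, a case-sensitive blocklist, and HTML output encoding against a basic test string and its upper-case form (the mutation shown in Example 2). The template, function names and sample strings are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed stand-in for a search page that reflects one query parameter.
TEMPLATE = "<html><body><h2>Results for: {q}</h2></body></html>"

def render_raw(q):
    """Vulnerable: reflects the parameter unchanged."""
    return TEMPLATE.format(q=q)

def render_blocklist(q):
    """Weak: strips lower-case script tags only (case-sensitive match)."""
    for bad in ("<script>", "</script>"):
        q = q.replace(bad, "")
    return TEMPLATE.format(q=q)

def render_encoded(q):
    """Hardened: HTML-encodes the value for an element-body context."""
    return TEMPLATE.format(q=html.escape(q, quote=True))

class _ActiveMarkup(HTMLParser):
    """Flags script elements or on* handlers that a parser would build."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.active = False

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, as browsers do.
        if tag == "script" or any(n.startswith("on") for n, _ in attrs):
            self.active = True

def has_active_markup(page):
    parser = _ActiveMarkup()
    parser.feed(page)
    parser.close()
    return parser.active

# Constructed test strings: one basic marker and its upper-case form.
SAMPLES = {"lower": "<script>alert(1)</script>",
           "upper": "<SCRIPT>ALERT(1)</SCRIPT>"}
RENDERERS = {"raw": render_raw, "blocklist": render_blocklist,
             "encoded": render_encoded}

def audit():
    """Map (renderer, sample) -> True when the output holds live markup."""
    return {(r, s): has_active_markup(fn(v))
            for r, fn in RENDERERS.items() for s, v in SAMPLES.items()}

if __name__ == "__main__":
    for key, live in sorted(audit().items()):
        print(key, "ACTIVE" if live else "inert")
```

The blocklist neutralizes the lower-case string but not the upper-case one, while the encoded output stays inert for both. html.escape covers HTML element bodies and quoted attribute values; values placed inside script blocks or URLs need the encoder for that context.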