Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to detect get mode in BruteXSS

2025-01-22 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)05/31 Report--

This article mainly analyzes the relevant knowledge points of how to carry out get detection in BruteXSS, the content is detailed and easy to understand, the operation details are reasonable, and has a certain reference value. If you are interested, you might as well follow the editor and learn more about "how to detect get in BruteXSS".

BruteXSS introduction:

BruteXSS is a very powerful and fast cross-site scripting violence injection. It is used to violently inject a parameter. The BruteXSS is vulnerable to XSS vulnerabilities by loading multiple payloads from the specified thesaurus for injection and using the specified payloads and scans to check these parameters. Thanks to the very powerful scanning function. When performing a task, BruteXSS is very accurate and rarely misses. BruteXSS supports POST and GET requests, adapting to modern Web applications

Download address:

Https://github.com/ym2011/penetration/tree/master/BruteXSS

Experimental environment:

Python 2.7

Raspberry pie + apache2

Ip:192.168.99.147

The steps of the experiment:

Under the www directory, create a test page with xss vulnerabilities: xssdemo.php

The effect of access test is shown in the figure.

2. Use BruteXSS to test the PARAM parameters in this page.

1) run the tool:

Python brutexss.py

2) Select the parameter request method: get is used here.

3) enter url: http://192.168.99.147/xssdemo.php?PARAM=

4) Select a dictionary file: wordlist-small.txt is used here

The test process and results are shown below

This article mainly analyzes the relevant knowledge points of how to carry out get detection in BruteXSS, the content is detailed and easy to understand, the operation details are reasonable, and has a certain reference value. If you are interested, you might as well follow the editor and learn more about "how to detect get in BruteXSS".

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report