In this blog, I will show you how you can use a proxy to perform an XSS attack, or automate it to some extent. To get started you will need a proxy: you can use either Burp Suite or OWASP ZAP, and both are very good. Burp Suite comes in a free and a paid version; if you are experienced and have hacking knowledge, it is worth purchasing the paid version, Burp Suite Pro. OWASP ZAP is free, so you can use it without paying, but here I will show you Burp Suite, since it is more popular and more user-friendly.
How to set up the Burp proxy for HTTP and HTTPS
If you are using a pentesting OS like Kali Linux or Parrot Security, the free version of Burp will be preinstalled. If you are using Windows, macOS or any other Linux-based OS, you can download the free version from here.
Once you have Burp Suite installed, open it and you will see all the options. Click on Proxy and turn off Intercept; by default, Intercept is turned on every time you open Burp Suite.
Once you have done that, click on Options (the highlighted part in the image) and you will see the IP address and port number the proxy is running on. By default it is localhost 127.0.0.1 on port 8080. You can change it here, but for now keep it as it is.
Now the proxy is running. The only thing left is to configure your browser to use this proxy and to set up a certificate so that you can see HTTPS requests as well. Open your browser, go to the browser settings (this depends on the browser you are using), find the proxy setting and click on it; it will show you the proxy options.
|Chrome browser proxy option.|
|Firefox browser proxy option|
Now click on Manual proxy and enter the proxy address and port number matching whatever you set in your Burp Suite proxy. If you kept the default setting of localhost and port 8080, enter that and check "Use this proxy server for all protocols".
You can cross-check with the image above, then click OK. The proxy setup is now done: every request from your browser will go to Burp Suite, and from Burp Suite you can do whatever you want with it. The only thing is that your browser will not send HTTPS requests through it yet; to allow your browser to send encrypted HTTPS requests to Burp Suite, you will need to install the Burp Suite certificate.
To set up the certificate, make sure your browser is connected to the proxy using the steps above. Once it is, open http://burp in your browser, hit enter and click on CA Certificate; it will download the certificate file for you.
How to install the certificate on Firefox
Once you have the certificate, go to the browser settings, find the certificate settings, click View Certificates, then Authorities, then Import, and select the certificate you downloaded. You will see the certificate; make sure you select both options:
- Trust this CA to identify websites
- Trust this CA to identify email users
How to install the certificate on Google Chrome
XSS with Burp Suite
- Forward sends the request to the server.
- Drop drops the request and does not send it to the server.
From here you can send as many requests as you like by modifying it. To solve this challenge, change the parameter. The best thing about Burp Suite is that the zxm and cookie values are shown in a different colour, which means Burp Suite has automatically detected that these are parameters and can be changed by us.
Now, to test for XSS, add your payload after the zxm parameter.
payload: "><script>alert('1')</script>
Your request should look like this:
Click Send and you will see the response in the Response pane. Now right-click on the response side, click "Show response in browser", copy the link and paste it into your browser. If you see a popup, you have successfully injected your JS payload. This is how the Burp Suite Repeater works; it is not only for XSS, you can use it the same way for other attacks too. Burp Suite is a long topic; if you are interested in it, ping me or comment below and I will try to cover it.
BURP SUITE AUTOMATION
Burp Suite also lets you automate your work with the help of the Intruder tab. In the same way as above, right-click on the HTTP request and click "Send to Intruder" (or Ctrl+I), then click on the Intruder tab.
The target will be set automatically. Click on Positions and select the part you want to test for automation. In Positions, click Clear on the right side first, because Burp Suite automatically selects parts for automated testing. Then select zxm and click Add on the right side, and it will be selected for the automation.
Now click on the Payloads option. Here you have to select the payloads that Burp Suite will use for the automation; for that you need a text file full of XSS payloads. You can download the payload list from here. We need to add our list under Payload Options [Simple list]: click Load, select the text file you downloaded, and click Start attack.
Now double-click on Length and Burp Suite will sort the responses by size. The responses with the highest length have the best chance that our payload executed.
Click on any request with a high length, right-click, click "Show response in browser", paste the link into your browser and see whether your payload executes or not.
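As an added example (not from the original post), here is a small offline Python model of what the Repeater and Intruder steps above are doing: a constructed page that reflects the zxm parameter into an attribute, the same payload, the fix (HTML entity encoding on output), and why sorting by Length is only a rough first filter before the browser check. The render_* functions, the HTML and the mini payload list are constructed assumptions, not the challenge site.

```python
import html
import re

# Payload from the post. The leading "> closes the attribute value and the tag
# it sits in, so everything after it is parsed as new markup.
XSS_PAYLOAD = '"><script>alert(\'1\')</script>'

# Constructed stand-in for the challenge page: it reflects the zxm parameter
# into an attribute value. The first version does no encoding (vulnerable),
# the second applies HTML entity encoding (the fix).
def render_vulnerable(zxm: str) -> str:
    return f'<input type="text" name="zxm" value="{zxm}">'

def render_escaped(zxm: str) -> str:
    # quote=True also encodes " and ', which is what matters inside attributes
    return f'<input type="text" name="zxm" value="{html.escape(zxm, quote=True)}">'

def reflected_unencoded(body: str, payload: str) -> bool:
    """Payload appears verbatim, i.e. no output encoding was applied."""
    return payload in body

def injects_script(body: str) -> bool:
    """Did the reflection create a real <script> element, not just text?"""
    return re.search(r"<script\b", body, re.IGNORECASE) is not None

def run_intruder(payloads, render) -> dict:
    """Offline stand-in for Intruder: one response body per payload."""
    return {p: render(p) for p in payloads}

def by_length(results: dict) -> list:
    """Intruder's 'sort by Length' column, highest first."""
    return sorted(results, key=lambda p: len(results[p]), reverse=True)

def confirmed_hits(results: dict) -> list:
    """What actually proves reflected XSS: unencoded reflection that
    introduces a script element. This is what the browser step verifies."""
    return [p for p, body in results.items()
            if reflected_unencoded(body, p) and injects_script(body)]

PAYLOADS = ["test", "<b>x</b>", XSS_PAYLOAD]  # constructed mini payload list

if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("escaped", render_escaped)):
        results = run_intruder(PAYLOADS, render)
        print(name, "longest:", by_length(results)[0], "hits:", confirmed_hits(results))
    # Length ranks the payload first on BOTH servers, but only the vulnerable
    # one is a confirmed hit: entity encoding makes the safe response longer.
```

The takeaway is that a long response tells you the input was reflected, not that it was reflected unencoded, so the "Show response in browser" step (or a check like confirmed_hits) is what separates a real finding from a properly encoded one.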
- Automation is not the best approach in the real world, and if you run automated testing against a random website or a site with a bug bounty program, keep in mind that most of them do not allow automation.
- Burp Suite Free is slow for automation; you will need the Pro version for that.