Blind XSS Features
Blind xss0r offers a wide range of features designed for detailed analysis and enhanced insights into client-side data. Below is a list of the capabilities provided by the script:
- All Cookies (Non-HttpOnly): Collects all accessible cookies that are not flagged as HttpOnly for analysis and debugging.
- Referrer Information: Retrieves the referring URL to identify the source of traffic to the page.
- IP Address of the Target Client: Captures the public IP address and provides approximate location details, including city, region, and country.
- Browser Language Information: Detects the browser's language settings to support localization and customization.
- Browser Name and Version: Identifies the browser name and version using the User-Agent string.
- Screenshot of DOM Structure: Generates a visual screenshot of the current DOM structure for debugging and reporting purposes.
- Screen Resolution: Collects the screen resolution and window size of the client’s device.
- Graphics Card Information: Retrieves detailed GPU information, including vendor and renderer.
- Battery Status: Tracks the device’s battery level and charging status when supported by the browser.
- Network Information: Captures the network type (e.g., Wi-Fi, 4G) and downlink speed.
- Local Storage and Session Storage: Extracts data stored in the client’s local and session storage.
- Form Inputs: Collects values from all form inputs, including text fields, textareas, and dropdowns, on the page.
- Page Metadata: Gathers essential page metadata, including the page title, URL, and full HTML structure.
- Plugins and MIME Types: Retrieves a list of installed browser plugins and supported MIME types.
- Admin Panel Accessibility Check: Attempts to access the `/admin` endpoint to verify if it is accessible and logs the response status.
- API Key Discovery in Scripts: Scans all script files loaded on the page to identify potential API keys in their content.
This feature set ensures comprehensive client-side analysis and enables detailed insights into browser and system data.
Step-by-Step Guide
Step 1: Activate Telegram Bot Notifications + Unlock Automation Blind xss0r
- Navigate to your Telegram bot page.
- Copy your Telegram Bot ID.
- Open the Telegram bot link: https://t.me/xss0r_bot.
- In the Telegram chat, type `/start`.
- Type the following command, replacing `<your token here>` with your actual Telegram Bot ID: `/token <your token here>`.
- You will receive a confirmation message: Connected to the xss0r.
Step 2: Prepare Payloads and URLs
- Go to the Dashboard page on xss0r and navigate to the Payloads section.
- Copy all the payloads listed there.
- Save these payloads into a new file named `blind.txt`. Ensure this file is saved in the same directory where xss0r is located.
- Prepare your URL list in a file named `urls.txt`. You can use your collected URLs, or for testing purposes, use the following URL: `http://testphp.vulnweb.com/guestbook.php`.
Step 3: Run the Blind XSS Spraying
Run the following command to start spraying your Blind XSS payloads on the provided URLs:
./xss0r --spray --urls urls.txt --payloads blind.txt --threads 8 --shuffle
You can use a thread count supported by your plan, which typically ranges between 8 and 15, depending on the plan you have purchased at store.xss0r.com.
Step 4: Enable Automated Crawling Domain + Spraying
To enable crawling for a single domain and spraying payloads on the discovered endpoints:
- Modify the `urls.txt` file to include only the domain name. For example: `http://testphp.vulnweb.com`.
- Run the following command:
./xss0r --crawler --urls urls.txt --payloads blind.txt --spray --threads 8
Once started, xss0r will spray your Blind XSS payloads across the specified URLs or crawl the domain to discover additional endpoints before spraying. You will receive real-time notifications via Telegram whenever an XSS payload is successfully triggered.