g GETDATA Enter payload to audit using GET (ex: '/menu.php?q=') -p POSTDATA Enter payload to audit using POST (ex: 'foo=1&bar=') -c CRAWLING Number of urls to crawl on target(s): 1-99999 -Cw=CRAWLER_WIDTH Deeping level of crawler: 1-5 -Cl Crawl only local target(s) urls (default TRUE) *Configure Request(s)*: These options can be used to specify how to connect to target(s) payload(s). See dork.py file to check for available engines) *Select type of HTTP/HTTPS Connection(s)*: These options can be used to specify which parameter(s) we want to use like payload to inject code. You need to choose to run XSSer: -u URL, -url=URL Enter target(s) to audit -i READFILE Read target urls from a file -d DORK Process search engine dork results as target urls -De=DORK_ENGINE Search engine to use for dorking (bing, altavista, yahoo, baidu, yandex, youdao, webcrawler, google, etc. swf file with XSS code embedded *Select Target(s)*: At least one of these options has to be specified to set the source to get target(s) urls from. = 2.- Options and features: = xsser *Options*: -version show program's version number and exit -h, -help show this help message and exit -s, -statistics show advanced statistics output results -v, -verbose active verbose mode output results -gtk launch XSSer GTK Interface (Wizard included!) *Special Features*: You can choose Vector(s) and Bypasser(s) to inject code with this extra special features: -imx=IMX create a false image with XSS code embedded -fla=FLASH create a false.
It contains several options to try to detect and "bypass" certain filters, and various special techniques of code injection.
= 0.- Index: = 1.- Introduction 2.- Options and features 3.- Payloads 4.- Examples of usage 5.- How to XSS report to the Internet 6.- Documentation 7.- Downloads = 1.- Introduction: = Cross Site "Scripter" (aka XSSer), is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
0 kommentar(er)
