XSS Probes Dashboard.

Use XSS probes to find blind XSS and other injection vulnerabilities.


0 total events.

0 users reached.

0 unique injections.

Script Probe.

No events have been captured yet.

Image Probe.

No events have been captured yet.

XSS Probes Explained

XSS probes are snippets of code that send information back to you when they execute. Using XSS probes can often help you find vulnerabilities you wouldn't normally find. You can't always see every page in an application, so if an alert box opens and you're not around to see it, how do you know you injected code?

Why do I need probes?

Find hidden XSS vulnerabilities

What do you do if you don't know when or where your XSS payload might execute?

This is a tricky situation where you need to execute blind XSS attacks: think, for instance, of pages viewable only by administrators of a website. XSS probes help you find these scenarios. In short, your XSS payload calls back to you and tells you exactly when and where the script executed, along with other information that is useful for reporting the vulnerability, such as the user's IP address and browser information. It does this without stealing more information than necessary, in order to comply with good-faith principles of hacking.
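One way a collector could handle the callbacks described above while keeping only what a report needs. This is an added example, not the dashboard's own code; the field names, the way the three counters are computed and the sample events are assumptions constructed for illustration.

```javascript
// Added example: collector-side handling of probe callbacks (hypothetical names).
// Only the fields needed to report the finding are retained; the rest is dropped.
const ALLOWED_FIELDS = ["probeId", "pageUrl", "firedAt", "ip", "userAgent"];

function minimize(rawEvent) {
  const kept = {};
  for (const field of ALLOWED_FIELDS) {
    if (typeof rawEvent[field] === "string") kept[field] = rawEvent[field];
  }
  // Strip query string and fragment: they can carry tokens or personal data.
  if (kept.pageUrl) {
    try {
      const u = new URL(kept.pageUrl);
      kept.pageUrl = u.origin + u.pathname;
    } catch {
      delete kept.pageUrl; // not a parseable URL, do not store it
    }
  }
  return kept;
}

function summarize(rawEvents) {
  // Events without a probe id or a usable page URL cannot be reported, so skip them.
  const events = rawEvents.map(minimize).filter((e) => e.probeId && e.pageUrl);
  const users = new Set(events.map((e) => `${e.ip}|${e.userAgent}`));
  const injections = new Set(events.map((e) => `${e.probeId}|${e.pageUrl}`));
  return { totalEvents: events.length, usersReached: users.size,
           uniqueInjections: injections.size, events };
}

// Constructed sample callbacks (documentation IP range, example.test hosts).
const SAMPLE_EVENTS = [
  { probeId: "p1", pageUrl: "https://admin.example.test/users?session=abc",
    firedAt: "2024-01-01T10:00:00Z", ip: "192.0.2.10", userAgent: "UA-1",
    cookies: "sid=secret", dom: "<html>...</html>" },
  { probeId: "p1", pageUrl: "https://admin.example.test/users",
    firedAt: "2024-01-01T10:05:00Z", ip: "192.0.2.11", userAgent: "UA-2" },
  { probeId: "p1", pageUrl: "https://app.example.test/friends/nearby",
    firedAt: "2024-01-02T09:00:00Z", ip: "192.0.2.10", userAgent: "UA-1" },
  { probeId: "p2", pageUrl: "not a url", ip: "192.0.2.12", userAgent: "UA-3" },
];

const summary = summarize(SAMPLE_EVENTS);
console.log(summary.totalEvents, summary.usersReached, summary.uniqueInjections);
```

The first two sample events collapse into one injection point once the query string is stripped, and the cookie and DOM fields never reach storage.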

Find XSS vulnerabilities in new features

The added benefit XSS probes give you is that when new features are added, you can automatically test them for vulnerabilities. For example, say your username on a social website is set to an XSS probe script. If the website developers add a new feature to find nearby friends and your profile gets loaded in that list, it effectively becomes an automated test for XSS vulnerabilities with zero extra effort from you!

Let's get hacking!

The XSS Probe Dashboard is currently available to XSS Course members only. We'll open limited access to free members in the future.
