XSS Probes Explained
XSS Probes are snippets of code that will send information back to you
when they get executed. Using XSS probes can often help you find more
vulnerabilities you wouldn't normally find. You can't always see every
page in an application so if alert box opens and you're not around to see
it, how do you know you injected code?
Find hidden XSS vulnerabilities
What do you do if you don't know when or where your XSS payload might
execute?
This is a tricky situation where you need to execute
blind XSS attacks — for instance, think of pages
only viewable by administrators of a website. This is where XSS probes
can help you with finding these scenarios. In short, your XSS payload
will call back to you and inform you exactly when and where the script
executed as well as other potentially useful information for reporting
the vulnerability like the user's ip address and browser information,
without stealing more information than necessary in order to comply with
good faith principles of hacking.
Find XSS vulnerabilities in new features
The added benefit XSS probes give you is that when new features are
added, you can automatically test them for vulnerabilities. For example,
say your username on a social website is set to an XSS probe script. If
the website developers add a new feature to find nearby friends and your
profile gets loaded in that list, it effectively becomes an automated
test for XSS vulnerabilities with zero extra effort from you!
Let's get hacking!
The XSS Probe Dashboard is currently available to
XSS Course members only. We'll
open limited access to free members in the future.
Already a member? Login to
access your dashboard.
