For those of you who have subscribed to my Facebook profile or to RHA's Facebook fan page, you may know that I have been on a mission to discover XSS on high-profile websites. I have found XSS on sites such as Microsoft, eBay, Apple, Adobe and StumbleUpon, and lots of people have asked me about the methodology I use to detect cross-site scripting (XSS) vulnerabilities.
Honestly speaking, I don't use a single tool or a single strategy to detect and exploit XSS. My strategy combines Google dorks, automatic dork scanners and several free and commercial scanners to detect, verify and exploit the vulnerability. However, if you are targeting a high-profile website, you won't find an XSS on the homepage. You need to look in the places where few people are searching; there, your chances of detecting XSS are much higher.
With that said, I would like to introduce you to a tool from my XSS discovery toolkit named "Fiddler". Fiddler basically acts as a proxy between your computer and the internet. Fiddler comes with lots of different features, but I won't cover them here as they are outside the scope of this article. If you would like to learn more about Fiddler's capabilities, I recommend reading the book "Debugging with Fiddler".
While Watcher does detect some XSS, it generates lots of false positives, so I also use another add-on alongside Fiddler for detecting cross-site scripting: x5s. It was created by the same developers as Watcher, but it is built specifically for detecting XSS. Here is the official description:
x5s acts as an assistant to the security tester by speeding up the process of parameter manipulation and aggregating the results for quick viewing. It automates some of the preliminary XSS testing work by enumerating and injecting canaries into all input fields/parameters sent to an application and analyzing how those canaries were later emitted. E.g. Was the emitted output encoded safely or not? Did an injected character transform to something else?
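To make the canary idea concrete, here is an added Python example (not code from x5s or from this post) that brackets the hostile characters with a marker, cuts each reflection out of a captured response body, and reports whether every probe character came back raw, HTML-encoded, URL-encoded or dropped. The marker string and the three sample response bodies are constructed for the example; in practice the bodies would come from the proxy's captured sessions.

```python
import html
import re
import urllib.parse

# Marker that brackets the hostile characters; finding the marker twice lets
# us cut out exactly what the server emitted for the canary (constructed).
TAG = "x5sCAN"
PROBE = "<>\"'&"               # characters whose fate decides XSS exposure
CANARY = TAG + PROBE + TAG     # the value that would be sent in each parameter

ENTITY_RE = re.compile(r"&(#x[0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+);")
PCT_RE = re.compile(r"%[0-9a-fA-F]{2}")

def tokenize(emitted):
    """Yield (decoded_char, form) for each character of the emitted text."""
    pos = 0
    while pos < len(emitted):
        m = ENTITY_RE.match(emitted, pos)
        if m:
            yield html.unescape(m.group(0)), "html-encoded"
            pos = m.end()
            continue
        m = PCT_RE.match(emitted, pos)
        if m:
            yield urllib.parse.unquote(m.group(0)), "url-encoded"
            pos = m.end()
            continue
        yield emitted[pos], "raw"
        pos += 1

def char_fates(emitted, probe=PROBE):
    """Map each probe character to raw / html-encoded / url-encoded / dropped."""
    fates = {ch: "dropped" for ch in probe}
    for ch, form in tokenize(emitted):
        if ch in fates and (fates[ch] == "dropped" or form == "raw"):
            fates[ch] = form       # a single raw copy is what matters
    return fates

def analyze_reflections(body, tag=TAG, probe=PROBE):
    """Find every bracketed reflection in a response body and grade it."""
    findings = []
    pos = body.find(tag)
    while pos >= 0:
        end = body.find(tag, pos + len(tag))
        if end < 0:
            break
        emitted = body[pos + len(tag):end]
        fates = char_fates(emitted, probe)
        findings.append({"emitted": emitted, "fates": fates,
                         "raw": [c for c in probe if fates[c] == "raw"]})
        pos = body.find(tag, end + len(tag))
    return findings

# Constructed response bodies standing in for what the proxy would capture.
SAFE_BODY = '<p>You searched for x5sCAN&lt;&gt;&quot;&#39;&amp;x5sCAN</p>'
UNSAFE_BODY = '<input value="x5sCAN<>"\'&x5sCAN">'
PARTIAL_BODY = '<a href="/s?q=x5sCAN%3C%3E%22\'%26x5sCAN">again</a>'
```

A finding with a non-empty `raw` list is the one worth a manual look; the partial case shows why per-character results matter, since everything but the apostrophe was encoded.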
I would recommend taking a look at the following quick-start tutorial if you are planning to use x5s: