XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically


Powerful Chromium Browser to find XSS Vulnerabilites automatically while browsing web, it can detect many case scenarios with support for POST requests too


Installation

Become root (sudo su)

Install Node.js and npm (https://www.npmjs.com/get-npm) or (sudo apt install npm)

Download this repo files or (git clone https://github.com/RenwaX23/XSSTRON)

cd XSSTRON

npm install

npm start


Some users using Debian/Ubuntu might not able to run the tool as i think it's an issue with Electron itself, you can continue using the app in Window/OSX and Linux installed on Windows. Check Known Issues


Usage

Just browse the web like a normal web browser then it will automatically look for XSS vulns in background and show them in a new window with POC




GET request POC



POST request POC



Known issues

Some users in certain linux distributions get into some problems try these

  • In (package.json) change it to:
  "devDependencies": {    "electron": "^10"  },
  • Try to update npm and nodejs to latest version
  • delete node_modules folder and reinstall
  • in package.json change the electron devDepencies to (electron11-bin)
  • install electron using (npm install electron) and run the app with electron using (electron .) with each step remember to delete the node_modules folder and re install again using (npm install)

Failed to serialize arguments is known issue and might be fixed soon :)


Thanks for



Source: feedproxy.google.com
XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically Reviewed by Anonymous on 12:33 PM Rating: 5