Skip to content
/ blixss Public

Simple Go tool for Blind XSS detection. Very useful on HTB machines and CTFs.

License

Notifications You must be signed in to change notification settings

lrluque/blixss

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Blind XSS Tool (BLiXSS)

BLiXSS is a command-line tool designed for blind XSS (Cross-Site Scripting) testing. It crafts a malicious payload to inject into web application parameters, allowing you to detect potential vulnerabilities.

blixss

Using BLiXSS with the Academy HTB XSS final assessment to get the flag using a single command

Installation

Clone the repository:

git clone https://github.com/lrluque/blixss.git

Navigate to the blixss directory:

cd blixss

Build the executable:

go build blixss.go

Usage

BLiXSS requires the following parameters:

  • -t: Target URL (e.g., http://example.com)
  • -b: Body strings with the parameters of the request (e.g., "parameter1=XSS&parameter2=test2&parameter3=XSS")
  • -l: URL to forward the requests to (e.g., http://10.10.15.122:45000)
  • -d: Specifies a custom directory to make the GET request. If not specified, it will attach /<<paramName>> on the request.

Example usage:

./blixss -t "http://example.com" -b "parameter1=XSS&parameter2=test2&parameter3=XSS" -l "http://10.10.15.122:45000" -d "custom/request/directory"

Parameter values different from 'XSS' will not be tested.

Disclaimer

This tool is for educational purposes only. Do not use it for any illegal activities. I am not responsible for any misuse or damage caused by BLiXSS.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

Simple Go tool for Blind XSS detection. Very useful on HTB machines and CTFs.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages