Tool tips – Fuzzing for XSS with Burp Suite

Fuzzing inside a GET request has come up for me multiple times, so I wanted to throw together a quick tool tip. For in-depth coverage of web application pentesting with Burp Suite there are some great resources out there, including the Burp Suite Documentation and the @primalsec article Web Hacking with Burp Suite. Here I will cover how to fuzz for XSS with Burp Suite in a simple way.

The first thing you're going to want to do is enable your Burp proxy and make a request for the page that you think contains XSS in the GET request (see below):

[Screenshot: Burp Suite scope]

Next you're going to want to send this to Intruder by right-clicking and choosing Send to Intruder. You could also do manual testing by sending it to Repeater:

[Screenshot: Burp Suite send to Intruder]

After this navigate to the Intruder tab:

[Screenshot: Burp Suite Intruder position]

In this case Burp Suite has chosen the correct position. You do, however, have the option of choosing multiple positions. Here we are choosing the Sniper option, which uses a single set of payloads. After this we need to set our payload. For this example I chose the xss-rsnake fuzz list from fuzzdb. I would recommend downloading the entire fuzzdb, but for this example I simply copied the list and pasted it into Payload Options [Simple list]:

[Screenshot: Burp Suite Intruder setting payload]

Once all of the options are set, start the attack by choosing Intruder and then Start attack:

[Screenshot: Burp Suite Intruder start attack]

In the free version of Burp Suite the attack will be throttled, so I would strongly consider paying for the Pro version for any serious web application pentesting. After your attack is finished, review your results for XSS and profit:

[Screenshot: Intruder attack results]
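One way to triage the results offline, as an added example that is not from the original post: it classifies how each payload comes back in the response body, so that only unencoded reflections are left for manual confirmation. The function names and the payload/response pairs are constructed for illustration.

```python
import html
from urllib.parse import unquote

# Characters that must survive unencoded for a reflection to matter in HTML.
HTML_META = set("<>\"'")

def classify_reflection(payload: str, body: str) -> str:
    """Classify how `payload` appears in the response `body`."""
    if not HTML_META & set(payload):
        return "no-metachars"      # a reflection of plain text proves nothing
    if payload in body:
        return "raw"               # unencoded: candidate, confirm in a browser
    if payload in html.unescape(body):
        return "html-encoded"      # output encoding applied (&lt; &#x27; ...)
    if payload in unquote(body):
        return "url-encoded"       # percent-encoded, e.g. inside a link
    return "absent"                # stripped, filtered or never echoed

def needs_manual_review(results):
    """Return the payloads whose reflection came back unencoded."""
    return [p for p, body in results if classify_reflection(p, body) == "raw"]

# Constructed (payload, response body) pairs standing in for saved results.
SAMPLE_RESULTS = [
    ("<script>alert(1)</script>",
     "<p>Results for <script>alert(1)</script></p>"),
    ('"><img src=x onerror=alert(1)>',
     '<input value="&quot;&gt;&lt;img src=x onerror=alert(1)&gt;">'),
    ("';alert(1)//",
     '<a href="/search?q=%27%3Balert%281%29%2F%2F">next</a>'),
    ("<svg onload=alert(1)>",
     "<p>No results found</p>"),
]

if __name__ == "__main__":
    for payload, body in SAMPLE_RESULTS:
        print(f"{classify_reflection(payload, body):13} {payload}")
    print("review:", needs_manual_review(SAMPLE_RESULTS))
```

A "raw" verdict is only a candidate: whether it executes depends on where in the page the reflection lands and on the response's content type, which is why it still needs confirming in a browser.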

Update: Thanks to John Poulin for letting me know about a great tool that automates the XSS validation process, called xssValidator, by nVisium.
