Installing and Using XSSTron for Bug Bounties (2023)

Introduction

Hey hackers what's up, in this video I will talk about using XSSTron to find cross-site-scripting vulnerabilities.

XSSTron is an Electron based JS Browser used to find XSS vulnerabilities, similar to knoxss. It also has the option to open a list of urls to test for xss.
To learn about this more please site back, get yourself a coffee and watch this video.

Tool:
github.com/RenwaX23/XSSTRON

Patreon:
www.patreon.com/krypt0mux

Twitter:
twitter.com/z0idsec

Thanks and feel free to subscribe, it always makes me happy! 😊

#xss #js #browser

Content

Hello, welcome back.

This is cryptomarks aks lloyd and in this video we're going to be talking about ways to find crossout's kitchen with a tool called exodus.

Tron coming right up, okay, so exercise tron is a browser based exercise, detection tool.

It uses electron js browser to find crossout, scripting vulnerabilities um, it's a really unique way to find cross-site skipped and funded vulnerabilities, and it can detect many cases, especially post requests too now remember.

Press requests are not that impactful, so maybe try and change.

I chain it with a csr csrf vulnerability and maybe that we increased it just a tiny bit because it still requires easy interaction.

So it may not be that um that impactful, but there's many other different vulnerabilities or ways you could chain uh post xss.

So I have stumbled across some problems with um linux or debian ubuntu um.

They have the solutions down here.

The bottom um try using these commands.

I may fix the problem.

May not so I just thought I'm using I'm running linux on windows.

Let's just try windows, so I'm going to be talking about how to install it on windows.

In a tick, but I just want to show you the features it has, so it has the option to master your scan, which is very useful.

I been one of the tool that has this feature for a long time.

It also has uh the exercise trying to actually produce as a proof of concept with the payload that's tried out or that's tested and also some other various things like um.

You know there was a bit of the response to or the the dom or just the res, where it's injected with things like that, so we want to just get started and install this sorry, let's get started.

So what we want to do is I want to go to the node.js website, which is just https double column, slash nodejs.org um, and we want to download the current version for windows, x64 x32, whatever architecture architecture you've got once we do that we want to go to where we downloaded it to and install it now when we install it, we do not want to tick that add additional tools, because that will take way too long and it's not really necessary.

So after it's installed, node.js node.js, it should just install.

I should install it.

It takes a really it's really quick.

Then we want to download the accesstron access system framework, so just click on our download zip.

We can use git if you want to, but you have to install it for windows which is not really necessary, so download the zip file.

Then we want to extract it in a directory of our choice.

I extracted it to a directory called tools and here's what it looks like right here next step is to open up a powershell command line.

Go to that directory and type in npm install that should install npm with all the packages should install the packages the dependencies after that you want to type in npm start and now that should pop up a nice little uh chromium browser um, like so awesome, just going to load the browser right now.

So this is this is loaded.

Now.

What we're going to do is we're just going to load this um domain in here into xss tron, the electron based browser.

It should pop up a um a little.

I little box saying that things that it's tested um and what we want to do is we just want to.

We just basically want to go through the website and type in things everything in the input.

It doesn't really have the feature to um spider as your loader website, which would be pretty cool, but we can.

We could maybe figure out a way later on.

So obviously it's found an excess vulnerability in this um search parameter and even gives you, the euro and and um the payload tested, which is pretty cool um.

So we need to do now is copy this payload um into the field, and it should execute javascript.

Let's have a look here boom.

It actually actually executed it and it says lab is um.

Was it solved? It really solved the lab now? What about? If you want to do bug boundaries with this, so there is a cool way we can do that is we can download um the bug, bounty programs, sub domains from a website called chaos um.

I think it's called chaos project discovery now this actually has um.

Basically, all the bug bounty programs that are out there, but they they collect to re.

They collect the sub domains on a daily basis.

So as so much so far, it's up to 5.836 billion uh sub domains in total.

So what we can do is we can sort out by um with rewards or if we want just paid programs and with that we can just click on this button, saying program and just download all of the subdomains, and then we're not going to be talking about much about that.

Yet, but what I've I've have this.

I have done some basic um sub domain scans on um on some programs, but we just want to cut out and we can use a first of all.

We can use a call called k, gaos or gao, so you want to come cut out the subdomains um file and feed that into uh the gao um program, and we only want to grip for parameter based links so with that would save that to a for a file called links.txt.

I've already saved it, so um I'll just show you the output of it.

First, I've already saved it to a file.

That's what should look like.

So what we're going to do is we're going to cut out the links file, we're not going to be doing them all just because um it could take a bit of time, but I figured the last video I recorded this website blocked me.

So, let's just cut out and let's ignore uh this website here, let's see if it doesn't discover anything else.

No, I didn't so.

Let's just do this all again, um, so we're going to remove the links and we're going to um.

Do this go, but we're also going to grip four parameters and ignore this uh domain here and then we're going to take it out to a file called links.txt.

Now we're not going to be basically we're not going to be doing it, we're not going to be uh fetching all the links of all these domains because it will take a lot of time, so we're just going to be um fetching for some of them and then we're going to be testing that with xss tron another useful way of doing this is.

We can also um put a program in scope, um on in burp and spider through the host and then copy all the links and put them into accessory tron mass scan option as well.

Sorry, if you want to find the mass scan option, it's just this little icon up here in the top right hand, corner of x's tron, so we'll just wait until these are links have been found and then we'll use the mass scan option to find to see if we can find any cross-site scripting vulnerabilities.

So it's just taking a bit of time, because what I'm doing is ignoring this domain here, because this actually blocked me.

So I don't want to happen in in the next a lot of your hours.

Here we go now.

We got started awesome, so we're just going to just test out these for you here, let's just test out these for here.

So let's just go um start from here: let's go up and let's just go up until about here.

I reckon so, let's go to exodus tron and, let's just do a mass scan now, obviously, for you you'd probably want to um keep this going and just leave it paste all the urls into this uh your master, scan and see if we can find anything.

But at the moment it's oh.

So this is a adjacent on jason.

Query, sorry uh! It's testing out, obviously the w jason owen bed um and it will hopefully pop up with um an alert box if it found anything if it found any vulnerabilities.

That's just from the pots wiggle example.

Let's get out of that, so it hasn't found anything yet um, but it will pop it in the box if it did find something.

So, yes, that's pretty much the tool there.

So yeah, that's about it for using access tron to find access vulnerabilities.

There is another project called no xss, which is a similar than xss tron, except it's more like a browsing extension and can run a little bit quicker in different ways, but with xss I know xss um I'll even show you, the uh the website it's made by brutelogic, which he's an awesome guy he's helped me quite a bit with um just bugged down this in general cross sites.

You know actually haven't contacted him for a while.

So I need to uh get in contact with him because he's such an awesome guy um.

So this is another tool that you can use um it it.

You can get a free one and a paid one um and then click on get started.

It will show the different teas.

So free obviously only does a limited amount of cross subscription findings and if you want to get the the pro or the one you're licensed for the the the pro version.

Ah, it cost 150 a year which is really cheap, actually um, and this is what it will find.

It does everything and it's pretty good.

I love it as well, but you can try if you just want a better alternative for the free.

No xss just use exodus tron.

Okay, so I hope you loved this video uh.

Give me a like if you liked the video give me a subscribe, subscribe to the video, because I'll always appreciate subscribers um.

I love making content for you guys, um.

If you don't like the video, give it a dislike.

You know it's.

Your life you're allowed to dislike whatever you want, I'm not forcing you to like my video, but I would love the subscription and the like.

So yeah have a nice um evening day morning.

Whatever time of the day, it is with you and I'll see in the next video talk to you later, bye.