Installing and Using XSSTron for Bug Bounties (2023)


Hey hackers what's up, in this video I will talk about using XSSTron to find cross-site-scripting vulnerabilities.

XSSTron is an Electron based JS Browser used to find XSS vulnerabilities, similar to knoxss. It also has the option to open a list of urls to test for xss.
To learn about this more please site back, get yourself a coffee and watch this video.




Thanks and feel free to subscribe, it always makes me happy! 😊

#xss #js #browser


Hello, welcome back.

This is cryptomarks aks lloyd and in this video we're going to be talking about ways to find crossout's kitchen with a tool called exodus.

Tron coming right up, okay, so exercise tron is a browser based exercise, detection tool.

It uses electron js browser to find crossout, scripting vulnerabilities um, it's a really unique way to find cross-site skipped and funded vulnerabilities, and it can detect many cases, especially post requests too now remember.

Press requests are not that impactful, so maybe try and change.

I chain it with a csr csrf vulnerability and maybe that we increased it just a tiny bit because it still requires easy interaction.

So it may not be that um that impactful, but there's many other different vulnerabilities or ways you could chain uh post xss.

So I have stumbled across some problems with um linux or debian ubuntu um.

They have the solutions down here.

The bottom um try using these commands.

I may fix the problem.

May not so I just thought I'm using I'm running linux on windows.

Let's just try windows, so I'm going to be talking about how to install it on windows.

In a tick, but I just want to show you the features it has, so it has the option to master your scan, which is very useful.

I been one of the tool that has this feature for a long time.

It also has uh the exercise trying to actually produce as a proof of concept with the payload that's tried out or that's tested and also some other various things like um.

You know there was a bit of the response to or the the dom or just the res, where it's injected with things like that, so we want to just get started and install this sorry, let's get started.

So what we want to do is I want to go to the node.js website, which is just https double column, slash um, and we want to download the current version for windows, x64 x32, whatever architecture architecture you've got once we do that we want to go to where we downloaded it to and install it now when we install it, we do not want to tick that add additional tools, because that will take way too long and it's not really necessary.

So after it's installed, node.js node.js, it should just install.

I should install it.

It takes a really it's really quick.

Then we want to download the accesstron access system framework, so just click on our download zip.

We can use git if you want to, but you have to install it for windows which is not really necessary, so download the zip file.

Then we want to extract it in a directory of our choice.

I extracted it to a directory called tools and here's what it looks like right here next step is to open up a powershell command line.

Go to that directory and type in npm install that should install npm with all the packages should install the packages the dependencies after that you want to type in npm start and now that should pop up a nice little uh chromium browser um, like so awesome, just going to load the browser right now.

So this is this is loaded.


What we're going to do is we're just going to load this um domain in here into xss tron, the electron based browser.

It should pop up a um a little.

I little box saying that things that it's tested um and what we want to do is we just want to.

We just basically want to go through the website and type in things everything in the input.

It doesn't really have the feature to um spider as your loader website, which would be pretty cool, but we can.

We could maybe figure out a way later on.

So obviously it's found an excess vulnerability in this um search parameter and even gives you, the euro and and um the payload tested, which is pretty cool um.

So we need to do now is copy this payload um into the field, and it should execute javascript.

Let's have a look here boom.

It actually actually executed it and it says lab is um.

Was it solved? It really solved the lab now? What about? If you want to do bug boundaries with this, so there is a cool way we can do that is we can download um the bug, bounty programs, sub domains from a website called chaos um.

I think it's called chaos project discovery now this actually has um.

Basically, all the bug bounty programs that are out there, but they they collect to re.

They collect the sub domains on a daily basis.

So as so much so far, it's up to 5.836 billion uh sub domains in total.

So what we can do is we can sort out by um with rewards or if we want just paid programs and with that we can just click on this button, saying program and just download all of the subdomains, and then we're not going to be talking about much about that.

Yet, but what I've I've have this.

I have done some basic um sub domain scans on um on some programs, but we just want to cut out and we can use a first of all.

We can use a call called k, gaos or gao, so you want to come cut out the subdomains um file and feed that into uh the gao um program, and we only want to grip for parameter based links so with that would save that to a for a file called links.txt.

I've already saved it, so um I'll just show you the output of it.

First, I've already saved it to a file.

That's what should look like.

So what we're going to do is we're going to cut out the links file, we're not going to be doing them all just because um it could take a bit of time, but I figured the last video I recorded this website blocked me.

So, let's just cut out and let's ignore uh this website here, let's see if it doesn't discover anything else.

No, I didn't so.

Let's just do this all again, um, so we're going to remove the links and we're going to um.

Do this go, but we're also going to grip four parameters and ignore this uh domain here and then we're going to take it out to a file called links.txt.

Now we're not going to be basically we're not going to be doing it, we're not going to be uh fetching all the links of all these domains because it will take a lot of time, so we're just going to be um fetching for some of them and then we're going to be testing that with xss tron another useful way of doing this is.

We can also um put a program in scope, um on in burp and spider through the host and then copy all the links and put them into accessory tron mass scan option as well.

Sorry, if you want to find the mass scan option, it's just this little icon up here in the top right hand, corner of x's tron, so we'll just wait until these are links have been found and then we'll use the mass scan option to find to see if we can find any cross-site scripting vulnerabilities.

So it's just taking a bit of time, because what I'm doing is ignoring this domain here, because this actually blocked me.

So I don't want to happen in in the next a lot of your hours.

Here we go now.

We got started awesome, so we're just going to just test out these for you here, let's just test out these for here.

So let's just go um start from here: let's go up and let's just go up until about here.

I reckon so, let's go to exodus tron and, let's just do a mass scan now, obviously, for you you'd probably want to um keep this going and just leave it paste all the urls into this uh your master, scan and see if we can find anything.

But at the moment it's oh.

So this is a adjacent on jason.

Query, sorry uh! It's testing out, obviously the w jason owen bed um and it will hopefully pop up with um an alert box if it found anything if it found any vulnerabilities.

That's just from the pots wiggle example.

Let's get out of that, so it hasn't found anything yet um, but it will pop it in the box if it did find something.

So, yes, that's pretty much the tool there.

So yeah, that's about it for using access tron to find access vulnerabilities.

There is another project called no xss, which is a similar than xss tron, except it's more like a browsing extension and can run a little bit quicker in different ways, but with xss I know xss um I'll even show you, the uh the website it's made by brutelogic, which he's an awesome guy he's helped me quite a bit with um just bugged down this in general cross sites.

You know actually haven't contacted him for a while.

So I need to uh get in contact with him because he's such an awesome guy um.

So this is another tool that you can use um it it.

You can get a free one and a paid one um and then click on get started.

It will show the different teas.

So free obviously only does a limited amount of cross subscription findings and if you want to get the the pro or the one you're licensed for the the the pro version.

Ah, it cost 150 a year which is really cheap, actually um, and this is what it will find.

It does everything and it's pretty good.

I love it as well, but you can try if you just want a better alternative for the free.

No xss just use exodus tron.

Okay, so I hope you loved this video uh.

Give me a like if you liked the video give me a subscribe, subscribe to the video, because I'll always appreciate subscribers um.

I love making content for you guys, um.

If you don't like the video, give it a dislike.

You know it's.

Your life you're allowed to dislike whatever you want, I'm not forcing you to like my video, but I would love the subscription and the like.

So yeah have a nice um evening day morning.

Whatever time of the day, it is with you and I'll see in the next video talk to you later, bye.


Is bug bounty a good career? ›

Since bug bounties are typically paid in US dollars, many regions will see a higher return on their investments because many other nations have lower living expenses than the US. If your main goal is to hack cool things all day, bug bounties may lead you to the exciting career of becoming a pentester.

How much money can you make from bug bounty? ›

A 2020 report by HackerOne found that the average bounty paid for critical vulnerabilities stood at $3,650, and that the largest bounty paid to date for a single flaw was $100,000.

What skills do you need for bug bounty? ›

How to Get Started With Bug Bounty?
  • Learn Computer Networking: ...
  • Get Familiarized With Web Technologies: ...
  • Learning Web Application Security Measures and Hacking Techniques: ...
  • Practicing and Polishing Your Skills: ...
  • Testing Real Targets: ...
  • Staying Current on Latest Vulnerabilities:
Nov 7, 2022

What is the problem with bug bounty? ›

Some bug bounties programs have been criticized as tools to prevent security researcher from publicly disclosing vulnerabilities, by conditioning the participation to bug bounty or even granting safe-harbor, to abusive non-disclosure agreements.

How much does a beginner bug bounty make? ›

While ZipRecruiter is seeing annual salaries as high as $77,000 and as low as $11,000, the majority of Bug Bounty salaries currently range between $31,000 (25th percentile) to $52,000 (75th percentile) with top earners (90th percentile) making $68,500 annually across the United States.

What is Apple's highest paid bug bounty? ›

Ryan Pickren, a cyber security student and former Amazon Web Services security engineer, has exposed a critical glitch in Apple devices and bagged a bug bounty of $100,500. The bounty is the highest ever Apple bug bounty reward paid to anyone.

What is the highest paid bug? ›

An individual known as gzobqq received a reward of $605,000 for reporting a series of five bugs (CVE-2022-20427, CVE-2022-20428, CVE-2022-20454, CVE-2022-20459, CVE-2022-20460) in Android that could be exploited together. This is currently the highest payout for a bug bounty program.

Can I make a living from bug bounty? ›

Individuals, both experts and novices, can earn money and receive recognition based on the severity and number of the bugs discovered. Top hackers can make up to a full-time salary and receive elite recognition, while newbies can use bug bounty programs to get started in the cybersecurity field while being rewarded.

Is bug bounty a side hustle? ›

Bug bounty programs enable side hustlers and freelance developers to make money by finding issues in a company's software. With the right skill set and some dedication, getting started with a bug bounty program can be a great way to earn extra income in 2023.

Can beginners do bug bounty? ›

This free course will help beginners start finding bugs right away! You'll learn the skills needed to become a bounty hunter, starting from the basics and working your way up to an intermediate level. By the end of this course, you'll have the tools needed to tackle most common vulnerabilities.

How long does it take to start bug bounty? ›

Doing bug bounties are very competitive, it might take a year at least to do good in bug bounty. you have to continue your learning, sharing & more and more practice. You must-have curiousness to learn about new things and explore the field on your own.

Is bug bounty hunting hard? ›

That's unpopular advice because a lot of people want to do bug bounties to earn income, which is totally understandable. But it's really, really difficult if you don't yet have the knowledge or skills to find bugs in the popular programs.

Can I make millions by bug bounty? ›

Be a bug bounty hunter and earn more than $350,000 yearly. Bug bounty programs award hackers an average of $50,000 a month, with some paying out $1,000,000 a year in total.

Do I need VPN for bug bounty? ›

The Bug Bounty community has grown rapidly in recent years, with more and more companies launching their own programs. However, performing Bug Bounty activities requires anonymity and security, which is why it is necessary to use a Virtual Private Network (VPN).

Is bug bounty stressful? ›

Bug bounty hunting can be stressful. You could spend hours, days, or even weeks and not come across a single vulnerability. Sometimes you won't find anything at all, no matter how much time you put into it.

Can you make a living from bug bounty? ›

Individuals, both experts and novices, can earn money and receive recognition based on the severity and number of the bugs discovered. Top hackers can make up to a full-time salary and receive elite recognition, while newbies can use bug bounty programs to get started in the cybersecurity field while being rewarded.

Can you make a living off of bug bounty hunting? ›

Yes, it is possible to make a living through bug bounty programs. The best bug hunters make more money on bounties than they could earn through full-time employment. If you have the aptitude and the tenacity to develop your skills so that you become one of the best, you can make a good living as a white hat hacker.

Is bug bounty the future? ›

In conclusion, the future of Bug Bounty Programs is bright. These programs will continue to play a critical role in cybersecurity, providing organizations with an effective and efficient way to identify and address vulnerabilities.

Top Articles
Latest Posts
Article information

Author: Kimberely Baumbach CPA

Last Updated: 08/12/2023

Views: 5427

Rating: 4 / 5 (61 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Kimberely Baumbach CPA

Birthday: 1996-01-14

Address: 8381 Boyce Course, Imeldachester, ND 74681

Phone: +3571286597580

Job: Product Banking Analyst

Hobby: Cosplaying, Inline skating, Amateur radio, Baton twirling, Mountaineering, Flying, Archery

Introduction: My name is Kimberely Baumbach CPA, I am a gorgeous, bright, charming, encouraging, zealous, lively, good person who loves writing and wants to share my knowledge and understanding with you.