XSSTRON: Find XSS with Electron JS Browser


XSSTRON is a powerful Chromium browser for automatically finding XSS vulnerabilities while browsing the web. It detects XSS in many different scenarios and also supports POST requests.

Installation

  • Install Node.js and npm (https://www.npmjs.com/get-npm) or (sudo apt install npm)
  • Download this repo's files or (git clone https://github.com/RenwaX23/XSSTRON)
  • cd XSSTRON
  • npm install
  • npm start

Some Debian / Ubuntu users may not be able to run the tool, as I think there is a problem with Electron itself. However, you can use the application on Windows / OSX and on Linux installed on Windows machines.

Use

Just browse the web as you would with a regular browser; XSSTRON automatically searches for XSS vulnerabilities in the background and shows them in a new POC window.

POC for a GET request

POC for a POST request

Fixes

Kali / Debian users can fix the installation with:

  sudo apt install npm
  sudo npm install -g electron --unsafe-perm=true --allow-root
  cd XSSTRON
  sudo npm install
  electron . --no-sandbox

  • In (package.json), change the Electron entry to:
  "devDependencies": {"electron": "^10"},
  • Try updating npm and Node.js to the latest version.
  • Delete node_modules and package-lock.json and reinstall them.
  • In package.json, change the electron entry under devDependencies to (electron11-bin).
  • Install Electron using (npm install electron) and run the Electron application.

At each step, remember to delete node_modules and package-lock.json and reinstall with npm install.

You can download the program from here.

