XSS and Fuzzing

I’ve been doing a bit of manual testing on a project that Mario & others are creating, I don’t usually do a lot of XSS cause I find it a bit boring doing the same stuff, so I decided to come up with some new vectors which I found cool. The only problem was creating the event handlers etc because they are obviously protected by the phpids, so I decided to write a little fuzzer to save me time 🙂


At the moment it’s only very basic but I plan to expand upon it, so stay tuned for updates but until then have a look:-
Basic fuzzer

New vectors

I thought I’d better save it as a text file in case they execute on any rss aggregators:-

One Response to “XSS and Fuzzing”

  1. Kishor writes:


    Following is a GM script that aims at testing false +ve/-ves the IDS produces.

    If you create a simple XML instead of a text file and put your vectors inside tag, you should be able to automate your stuff further.


    – Kishor