Published 18 years 6 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read
I've been trying to automate the stuff that I normally do when XSS testing to make it easier than writing custom scripts each time. This worked really well for my fuzzing script which fuzzed random characters embedded into tags to find unusual combinations of characters. I've done the same again but this time it inspects HTML tags with Javascript, I used RSnake's cheat sheet to find common HTML properties for XSS injection but if I've missed any please leave a comment and I shall expand the script.
The script has two modes Standard and random, the standard mode uses a list of common tags and inspects them, the random mode tries to find obscure tags which aren't documented or are very old by randomising the names. Using this script has a great advantage because it automates the process of finding tags but also uses the browser's Javascript engine to do it.
Check out the tag inspector here:- Tag inspector