Testing XSS Tools On Target Protected By WAF | 2024

  • Published: 14 Oct 2024
  • In this video, we dive into the world of web application security by testing various XSS tools on a target protected by a Web Application Firewall (WAF). We'll explore how effective different XSS tools are at bypassing WAF defenses and highlight techniques used by both attackers and defenders. Whether you're a penetration tester, bug bounty hunter, or just interested in cybersecurity, this demonstration will provide valuable insights into XSS vulnerabilities and WAF protections.
    XSS Strike: github.com/s0m...
    Dalfox: github.com/hah...
    ibrahimXSS: ibrahimxss.store/
    Coupon: BEPRACTICAL10
    For any queries related to ibrahimXSS, please reach out to him: / ibrahim-husi%c4%87-101...
    Website: bepractical.tech
    Telegram: telegram.me/be...
    Previous Video: • 4 Ways To Use SQLMAP E...
    The Art Of Web Reconnaissance:
    www.udemy.com/...
    Hacking Windows with Python from Scratch: www.udemy.com/...
    The Ultimate Guide to Hunt Account Takeover:
    www.udemy.com/...

Comments • 55

  • @BePracticalTech  3 months ago +7

    For those who are saying this video is sponsored, let me tell you all that it is not. It is just that I liked the tool and thought to share it with you all. Whether you are planning to buy it or not is completely up to you. Thanks

    • @aatankbadboy3941 3 months ago +2

      @BePracticalTech it's okay but mention that this is sponsored... not only you are promoting it, there are lots of other creators also...

    • @BePracticalTech  3 months ago +1

      This video is not sponsored by anyone, nor did I get paid to promote any of the tools. I even said in the video that if you don't want to buy the tool then it is completely fine.

    • @c_war 3 months ago +2

      This is an overhyped tool

    • @kittoh_ 3 months ago +1

      Not sponsored but you have a discount code. 😅

  • @ishoeb0x1 2 months ago +2

    Hello, tested the same target endpoint in Knoxss. This tool was also able to find XSS

    • @yesireact 2 months ago

      U r saying knoxss not able to find ?

  • @SevenHeavenlyig 3 months ago +9

    Bro made a promotional video without saying it's Sponsored by Ibrahimxss 😂😂

  • @ZeroOne-wooh 3 months ago +18

    Sponsored or not, I'm just disappointed by the fact that despite knowing the truth, you didn't let your audience know what's going on. It's not the tool, it's just the list of payloads, which any tool could use and find the same shit. Dalfox can do it if you pass those payloads. Sponsoring is not bad, trying to cheat is. Just be careful. You've worked hard to build your legacy. Don't let cheap tricks get you or don't try to do cheap tricks on new bug bounty hunters, cuz sooner or later you will be called out. Hope you don't repeat this in the future. And good luck

    • @yeahboy2389 8 days ago

      Literally bro, I was also thinking the same. But, I believe that only script kiddies would fall for this.

  • @swapnilade2612 3 months ago +4

    Why are you not doing ibrahim xss vs knoxss?

    • @syeddaniyal1273 3 months ago

      because it is a promotion of ibrahimXSS

    • @darkmix4192 3 months ago

      How is this knoxss tool work and it give positive results?

  • @PrashantSingh-jg3jd 2 months ago

    So I assume this is how the ibrahimxss tool works: The tool requires binding with Google Chrome, where the tool tracks any kind of popups in real time within the browser, which may be possible with that specific Chrome driver. The tool then uses the payload file to send the request by appending the payload within the browser. If any popup comes up, the tool picks a screenshot and includes that URL in the final generated report. This may be the reason why ibrahimxss got a false positive as seen in your video. It simply tracks the popups in real time against the list of payloads. I may be wrong though! Let me know if anyone else thinks the other way. Cheers!

  • @aatankbadboy3941 3 months ago +3

    Love you bro I want ibrahim xss

  • @eyezikandexploits 3 months ago

    Could you post the payload list of the last tool? You have GitHub?

  • @rushangshah6308 3 months ago +2

    Why not knoxss

  • @gg-mr4qr 3 months ago

    If you can share the payload file, that is very, very helpful for us.

  • @pawankandu914 3 months ago +1

    Sir, if you can, then please give us the payload lists used by the paid tool in this video.....

    • @SuzuneMyQueen 2 months ago

      Many payloads are available in public GitHub repos such as coffinxp's GitHub (in the payloads repo)

  • @nishantrmagar517 2 months ago

    Does this tool also run on Mac?

  • @sarans119 3 months ago +3

    Bro, it is asking for API but I have not received it

  • @DheerajMadhukar 3 months ago

    Which UI tool are you using to manage VPS(s)?

  • @Prince-zu5uj 2 months ago

    Akamai waf bypass?

  • @Gladiator-zh9od 3 months ago

    Brother, make a video on how to configure Firefox for Burp on Windows

  • @abdulx01 3 months ago

    I have the same... A tool that works exactly like ibrahimxss, but the difference is the payload file. If you have a good payload list then good. Same headless detection tool. No false positives. And it costs nothing, free of cost. Thanks

  • @uttarkhandcooltech1237 3 months ago

    Hello brother, tell me which Windows theme you have

  • @aatankbadboy3941 3 months ago +6

    Mention that this is sponsored 🎉

    • @songsxmashup 3 months ago +1

      Some people are getting the tool for free by doing this and that

  • @mrwaahmed9897 3 months ago

    lol I tested it and it does not bypass any WAFs, and you didn't try knoxss because it's the best

  • @ferryirawan1575 2 months ago

    API KEY

  • @exploreThe_ 2 months ago

    It's only the game of payload... not tool...

  • @taralnawal5333 2 months ago

    Bro only give this payload.txt file😂

  • @monKeman495 3 months ago +3

    Dalfox can't even find a single shit, what a shame, god knows what they are doing!

    • @eyezikandexploits 3 months ago

      That second payload in dalfox triggered, if you would have checked the DOM

  • @l00pzwastaken 3 months ago

    Use tag as sponsored. Let me tell you why the tool owner is giving everyone to promote his tool. I have seen many tweets which are bullshit

  • @vijayanarasimhamarella 2 days ago

    Don't trust him it's a promotion of his channel and users. He is playing cheap tricks.

  • @SecureByBhavesh 3 months ago +1

    First !!!

  • @WebWonders1 2 months ago

    Faking 😅

  • @Ironhide234 3 months ago +1

    First 😂

  • @tushargurav3987 2 months ago

    Disappointed :[

  • @4Re5_Xm 2 months ago

    Disappointed

  • @rootxgod1086 3 months ago +5

    promotion

  • @d3crypt_m3 3 months ago +7

    Why paid promotion 🥲