How I found reflected XSS on IDFC Bank with burp-suite Intruder
Hi, everyone
My name is Santosh Kumar Sha, I'm a Security Researcher/Ethical Hacker from India (Assam). In this article, I will describe how I found reflected XSS on IDFC Bank with Burp Suite Intruder.
I am now offering 1:1 sessions to share my knowledge and expertise:
SPECIAL Note:
Don't go outside the test scope without permission. Stay safe and hack safe. A special request to my fellow bug-bounty hunters: take care of your health and always abide by the rules of engagement.
TOOLS used for the exploitation
1. Subfinder (https://github.com/projectdiscovery/subfinder)
2. httpx (https://github.com/projectdiscovery/httpx)
3. gau, by Corben (https://github.com/lc/gau)
4. waybackurls, by tomnomnom (https://github.com/tomnomnom/waybackurls)
5. Burp Suite (https://portswigger.net/burp)
Story Behind the bug:
This is the write-up of how I found multiple reflected XSS using Burp Suite Intruder and automated it to find XSS on different domains by fuzzing parameters at the same time.
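The per-parameter reflection check that the Intruder run automates, shown here as an added example that is not from the original post: a canary containing the characters that must be HTML-encoded is substituted into each query parameter of a captured URL, and the response is inspected for the canary coming back verbatim. The handler runs offline against two constructed page renderers, the unescaped pre-fix pattern and its escaped fix; the URL, handler names and canary are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed canary: an unlikely string carrying the characters that must be
# HTML-encoded. If it comes back verbatim, the parameter is reflected unsafely.
CANARY = 'zxq"\'<>zxq'


def vulnerable_page(params: dict) -> str:
    # Pre-fix pattern: query parameters concatenated straight into the HTML.
    q = params.get("q", "")
    page = params.get("page", "1")
    return f'<p>Results for: {q}</p><a href="?q={q}&page={page}">next</a>'


def fixed_page(params: dict) -> str:
    # Hardened: every untrusted value is HTML-encoded (quotes included) before
    # it is written into element text or an attribute value.
    q = html.escape(params.get("q", ""), quote=True)
    page = html.escape(params.get("page", "1"), quote=True)
    return f'<p>Results for: {q}</p><a href="?q={q}&page={page}">next</a>'


def reflected_unescaped(body: str, canary: str = CANARY) -> bool:
    # The canary surviving intact means <, >, " and ' were not encoded.
    return canary in body


def check_url_params(url: str, handler) -> list:
    # Intruder-style loop: substitute the canary into one parameter at a time
    # (the others keep their original values) and record which ones reflect.
    parts = urlsplit(url)
    original = {k: v[0] for k, v in
                parse_qs(parts.query, keep_blank_values=True).items()}
    findings = []
    for name in original:
        probe = dict(original)
        probe[name] = CANARY
        if reflected_unescaped(handler(probe)):
            findings.append(name)
    return sorted(findings)


if __name__ == "__main__":
    url = "https://example.test/search?q=shoes&page=2"  # constructed URL
    print("vulnerable:", check_url_params(url, vulnerable_page))  # ['page', 'q']
    print("fixed:", check_url_params(url, fixed_page))            # []
```

Against a live target the `handler` would be replaced by the HTTP request Intruder sends; the reflection test itself is unchanged.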
I was working on some automation and got an invite for a new target. So, while casually browsing and exploring the main domain, I noticed an endpoint where it was…