XSS fuzz lists

Open vanderaj opened this issue 9 years ago • 10 comments

Many of the XSS payload files are not directly consumable by fuzzing applications, such as Burp Intruder. I think it would be great if there were separate fuzzing files to the discussion files. For example, Mario's XSS file is AWESOME and so advanced that it's akin to magic, but it takes a bit of work to use within tools.

How best to help you guys with this?

vanderaj avatar Oct 15 '15 01:10 vanderaj

I agree, but the context in that file is advantageous. How about making a standalone fuzzing version and committing it with a comment that one is better consumed by Burp and the other used as a reference?

jhaddix avatar Oct 16 '15 19:10 jhaddix

Yes please!

danielmiessler avatar Mar 07 '16 21:03 danielmiessler

Yes, that's a good idea. We should mark files as tool-ready or something within the name of the list.

danielmiessler avatar Jul 20 '16 17:07 danielmiessler

@danielmiessler @jhaddix I realize this issue is a little old, but I came across it today and thought the idea here is fabulous. I'd be happy to take a stab at this, that is, if you still want something. Is the solution you want really just to make new fuzzing files that can be directly imported into tools (Burp and ZAP come to mind)?

CrossSitePotato avatar Apr 06 '17 02:04 CrossSitePotato

Sounds like a good idea to me!

Beyarz avatar Apr 06 '17 18:04 Beyarz

Great idea.

pypetey avatar Dec 16 '17 08:12 pypetey

This is a great idea.

freddiebarrsmith avatar Apr 25 '18 13:04 freddiebarrsmith

Yo I am taking this up, but while looking through the lists I see some repeated strings, especially //["'`-->]]>]</div>

molangning avatar Dec 07 '23 17:12 molangning

@g0tmi1k I think this can be closed

molangning avatar Mar 26 '24 06:03 molangning