You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
THIS TOOLS IS IN EARLY BETA USE IT ON YOUR OWN RISK
Burp extension helps in finding blind xss vulnerabilities by injecting xss payloads in every request passes throw BurpSuite
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
- Developer: Ahmed Ezzat (BitTheByte) -
- Github: https://github.com/BitTheByte -
- Version: 0.05b -
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
[WARNING] MAKE SURE TO EDIT THE SETTINGS BEFORE USE
[WARNING] THIS TOOL WILL WORK FOR IN-SCOPE ITEMS ONLY
[WARNING] THIS TOOL WILL CONSUME TOO MUCH BANDWIDTH
Configuration
Go to Bit blinder tab then enable it
Set your payloads (line separated)
If you added more than 1 payload enable the randomization button
If you want to keep it disabled keep in mind that the tool will use the first payload only
How to use
Load the extension to your burpsuite
Click on Bit blinder tab then enable it
Add your target to scope It'll only work for inscope items
Continue your hunting session Make sure to do alot of actions [Forms,Search,...]
Monitor the output in extension's output tab
Note: By the nature of this tool it'll make alot of requests so you may get blocked by WAF or experience slow internet connection
In a nutshell
When user visits https://example.com?vuln=123&vuln2=abc
This tool will generate the following 2 requests (in the background without effecting the current session)
