testing-for-xss-vulnerabilities-with-burpsuite
Installation
SKILL.md
Testing for XSS Vulnerabilities with Burp Suite
When to Use
- During authorized web application penetration testing to find reflected, stored, and DOM-based XSS
- When validating XSS findings reported by automated vulnerability scanners
- For testing the effectiveness of Content Security Policy (CSP) and XSS filters
- When assessing client-side security of single-page applications (SPAs)
- During bug bounty programs targeting XSS vulnerabilities
Prerequisites
- Authorization: Written scope and rules of engagement for the target application
- Burp Suite Professional: Licensed version with active scanner capabilities
- Browser: Firefox or Chromium with Burp CA certificate installed
- FoxyProxy: Browser extension configured to route traffic through Burp proxy (127.0.0.1:8080)
- Target application: Authenticated access with valid test credentials
- XSS payloads list: Custom wordlist or Burp's built-in XSS payload set