testing-for-xss-vulnerabilities-with-burpsuite
Installation
SKILL.md
Testing for XSS Vulnerabilities with Burp Suite
When to Use
- During authorized web application penetration testing to find reflected, stored, and DOM-based XSS
- When validating XSS findings reported by automated vulnerability scanners
- For testing the effectiveness of Content Security Policy (CSP) and XSS filters
- When assessing client-side security of single-page applications (SPAs)
- During bug bounty programs targeting XSS vulnerabilities
Prerequisites
- Authorization: Written scope and rules of engagement for the target application
- Burp Suite Professional: Licensed version with active scanner capabilities
- Browser: Firefox or Chromium with Burp CA certificate installed
- FoxyProxy: Browser extension configured to route traffic through Burp proxy (127.0.0.1:8080)
- Target application: Authenticated access with valid test credentials
- XSS payloads list: Custom wordlist or Burp's built-in XSS payload set
Related skills
More from mukul975/anthropic-cybersecurity-skills
acquiring-disk-image-with-dd-and-dcfldd
Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through
119analyzing-api-gateway-access-logs
Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass,
103analyzing-android-malware-with-apktool
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source
100analyzing-cyber-kill-chain
Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases
90analyzing-email-headers-for-phishing-investigation
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify
84analyzing-active-directory-acl-abuse
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and
83