I wrote a little app called xsssniper to automatically test XSS injection points in target URLs.

$ python xsssniper.py --url 'X' --payload 'Y' --check 'Z'

It scans the target URL for GET parameters, injects an XSS payload (Y) into them and parses the response for artefacts of the injection (Z). The simplest example would be to inject <script type="text/javascript">window.alert('lol')</script> and check for <script type="text/javascript">window.alert('lol')</script>, if we ha...
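
The injection-and-check loop described above, as an added example that is not xsssniper's own code: it separates a raw reflection of the check string from an HTML-encoded one, which is what tells a developer whether output encoding is in place. The target URL, its parameter names and the `fake_fetch` response are constructed so the block runs offline.

```python
import html
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Payload and check string taken from the text above.
PAYLOAD = "<script type=\"text/javascript\">window.alert('lol')</script>"

def injected_urls(url, payload):
    """Yield (param, url) with the payload placed in one GET parameter at a time."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    for i, (name, _) in enumerate(pairs):
        mutated = pairs[:i] + [(name, payload)] + pairs[i + 1:]
        yield name, urlunsplit(parts._replace(query=urlencode(mutated)))

def classify(body, check):
    """Say how the check string shows up in a response body."""
    if check in body:
        return "reflected-raw"      # markup survived: output is not encoded
    if html.escape(check) in body or html.escape(check, quote=False) in body:
        return "reflected-encoded"  # echoed, but neutralised by encoding
    return "absent"

def scan(url, payload, check, fetch):
    """Run the check for every GET parameter; fetch(url) returns a body string."""
    return {name: classify(fetch(u), check) for name, u in injected_urls(url, payload)}

def fake_fetch(url):
    """Constructed stand-in for a server: echoes 'q' raw and 'lang' escaped."""
    q = dict(parse_qsl(urlsplit(url).query))
    return "<p>Results for %s</p><p lang='%s'>ok</p>" % (
        q.get("q", ""), html.escape(q.get("lang", "")))

if __name__ == "__main__":
    # Constructed target URL on a reserved example domain.
    for name, verdict in scan("http://app.example/search?q=test&lang=en&page=2",
                              PAYLOAD, PAYLOAD, fake_fetch).items():
        print(name, verdict)
```

Only the `reflected-raw` verdict means the markup reached the page unencoded; `reflected-encoded` shows the parameter is echoed but escaped on output.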