I've been asked how to use knoxss at least 10 times a week for the past few weeks, so instead of repeating myself I thought it would be a good idea to write an article. I'll be explaining what knoxss is, how it works and how the different ways of using it work. I'll be giving you a comprehensive guide.
Knoxss is what we call a vulnerability scanner that focuses solely on XSS. It has several ways of testing for XSS flaws and it will even do part of the testing for you. The two main ways of interacting with it at the moment are the browser extension and the pro interface (https://knoxss.me/pro).
I prefer the pro interface since it seems a tad faster. Besides the speed one big advantage is that we can run this process asynchronously while we keep on testing other things.
Don't get me wrong, the browser extension is also super useful and I always have it on while pentesting.
Included in the package I got were the browser add-ons for Chromium and for Firefox; I also have knoxss pro (https://knoxss.me/pro) available.
While you browse, this extension helps you by executing requests in the background, which really helps with the passive testing aspect, but as knoxss itself already states, it is a bit on the slow side, so you have to be very patient.
The installation was really straightforward and not hard at all. I went with the Firefox option since that's what I always use for pentesting. I have to be honest, I don't even follow the recommended workflow on this one: I breeze through the application with the extension on, but the web interface is where it's at for me.
Here it's important that I pass in any and all endpoints, with their parameters, that I suspect might have some XSS in them, and yes, it often does find things this way. The parameters I look at are anything that is reflected: this can be a normal parameter, but it can also be part of a URL or URI path. I usually use a Burp Suite extension for this, which checks for reflections while I browse. Sometimes, when I feel really adventurous, I will investigate the source code and look for DOM sinks, but usually this tool just saves me an incredible amount of time and $$$.
I went online and selected 40 XSS challenges in a diverse setting, going from GET to POST to PUT parameters; sometimes the reflected value is part of the URI or gets passed into a DOM sink. As you can see, I selected quite a diverse range of challenges.
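As an added example (not part of this article and not knoxss or Burp code), here is a small Python reflection checker in the spirit of the Burp extension mentioned above: you send a probe value containing the characters that matter for XSS, then run the response body through it to see where the value comes back, in which HTML context, and whether the application entity-encoded those characters or stripped them. The probe prefix, the sample responses and the context heuristic are all constructed for this illustration.

```python
import html
import re
from dataclasses import dataclass

# Constructed probe: an unlikely prefix followed by every character whose
# encoding decides whether a reflection can become XSS (send PREFIX + SPECIALS).
PREFIX = "kx9q"
SPECIALS = "<>\"'&"
ENTITY = re.compile(r"&#?\w+;")

@dataclass
class Reflection:
    offset: int    # where the prefix appears in the response body
    context: str   # 'tag', 'script' or 'text'
    raw: str       # special characters that came back unencoded

def guess_context(body: str, offset: int) -> str:
    """Cheap guess: inside a tag, inside a <script> block, or plain text?"""
    before = body[:offset].lower()
    if before.rfind("<") > before.rfind(">"):
        return "tag"                       # between < and >: attribute value
    if before.rfind("<script") > before.rfind("</script"):
        return "script"
    return "text"

def surviving_specials(body: str, pos: int) -> str:
    """Walk the characters after the prefix: entity-encoded is safe, raw is
    reported, missing means a filter stripped it (try the next char in place)."""
    raw = ""
    for ch in SPECIALS:
        m = ENTITY.match(body, pos)
        if m and html.unescape(m.group()) == ch:
            pos = m.end()                  # encoded: harmless, keep walking
        elif body.startswith(ch, pos):
            raw += ch
            pos += 1                       # reflected as-is
    return raw

def find_reflections(body: str) -> list[Reflection]:
    """Every reflection of the probe, with its context and surviving chars."""
    return [
        Reflection(m.start(), guess_context(body, m.start()),
                   surviving_specials(body, m.end()))
        for m in re.finditer(re.escape(PREFIX), body)
    ]

# Constructed sample responses, not captured from any real application.
SAFE = "<p>You searched for kx9q&lt;&gt;&quot;&#x27;&amp;</p>"
ATTR = "<input value=\"kx9q<>\"'&\">"
PARTIAL = "<p>kx9q&lt;&gt;\"'&amp;</p>"
```

A response whose reflections all report an empty `raw` string has encoded every probe character; anything else is worth handing to knoxss for a closer look.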