Anthropic-Cybersecurity-Skills/skills/testing-for-xss-vulnerabilities-with-burpsuite/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

API Reference: Testing for XSS Vulnerabilities with Burp Suite

Burp Suite Professional Components

Scanner

  • Active scan: Automatically tests parameters for XSS
  • Passive scan: Identifies reflected inputs and missing security headers
  • Scan configuration: XSS-focused audit checks

Repeater

  • Send individual requests for manual payload testing
  • Compare request/response pairs across payload variations
  • Test character encoding behavior

Intruder

  • Positions: Mark injectable parameters
  • Payloads: Load XSS wordlists
  • Grep-Match: Flag responses containing alert(, onerror=, <script>
  • Attack types: Sniper (single param), Battering Ram (same payload all positions)

DOM Invader

  • Built-in browser extension for DOM XSS testing
  • Canary injection and sink monitoring
  • Source-to-sink data flow tracing

requests Library (Companion Script)

Reflection Detection

```python
import requests

url = "https://target.example/search"   # placeholder: the endpoint under test
canary = "xsscanary12345"                # unique marker that is unlikely to appear in the page by chance
resp = requests.get(f"{url}?q={canary}")
if canary in resp.text:
    # Reflected: determine the context (HTML text, attribute, script) and fuzz with payloads
    print("canary reflected, inspect context around:", resp.text.find(canary))
```

Character Encoding Test

```python
from urllib.parse import quote
import requests

url = "https://target.example/search"   # placeholder: the endpoint under test
probe = '<>"\'&/'                        # characters that matter in HTML, attribute and script contexts
resp = requests.get(f"{url}?q={quote(probe)}")
unencoded = [ch for ch in probe if ch in resp.text]   # characters echoed back without encoding
```
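The two snippets above only say whether the canary came back and which characters appear somewhere in the response. What a tester actually needs to know is the context each reflection landed in and, for each probe character, whether it was echoed raw or as an HTML entity right where the canary was. The following added example (not part of the skill folder's own scripts/agent.py or of Burp) works offline over a constructed response body, so it can be dropped into a companion script after the `requests.get` call; the names `classify_context`, `find_reflections`, `echoed_probe` and both sample bodies are assumptions introduced here.

```python
import html
import re

CANARY = "xsscanary12345"        # same canary idea as the snippet above
PROBE = '<>"\'&/'                # characters whose encoding we want to observe

# Constructed sample response (not captured from any real site): the canary
# lands in five different contexts so the classifier has something to label.
SAMPLE_REFLECTION = f"""<html><head><title>Search: {CANARY}</title></head>
<body>
<input type="text" name="q" value="{CANARY}">
<script>var query = "{CANARY}";</script>
<p>Results for {CANARY}</p>
<!-- debug: {CANARY} -->
</body></html>"""

# Constructed sample response for the encoding test: the same probe is echoed
# once through html.escape() (text node) and once raw (attribute value).
SAMPLE_PROBE = (
    f"<p>Results for {html.escape(CANARY + PROBE)}</p>\n"
    f'<input name="q" value="{CANARY + PROBE}">'
)


def classify_context(body, pos):
    """Label the HTML context at offset `pos` by looking at what is still open before it."""
    before = body[:pos]
    lower = before.lower()
    if before.rfind("<!--") > before.rfind("-->"):
        return "comment"
    if lower.rfind("<script") > lower.rfind("</script"):
        return "script"
    if lower.rfind("<title") > lower.rfind("</title"):
        return "rcdata"                      # <title>/<textarea>: entities decoded, tags not parsed
    if before.rfind("<") > before.rfind(">"):
        tag = before[before.rfind("<"):]     # the tag that has not been closed yet
        if tag.count('"') % 2:
            return "attribute_double_quoted"
        if tag.count("'") % 2:
            return "attribute_single_quoted"
        return "tag_unquoted"                # tag name or unquoted attribute value
    return "html_text"


def find_reflections(body, canary=CANARY):
    """Return (offset, context) for every reflection of the canary in the body."""
    return [(m.start(), classify_context(body, m.start()))
            for m in re.finditer(re.escape(canary), body)]


_ENTITY = re.compile(r"&(?:#x?[0-9a-fA-F]+|[a-zA-Z]+);")


def echoed_probe(body, canary=CANARY, probe=PROBE):
    """For each reflection of canary+probe, split the probe characters into
    those echoed raw and those that came back as an HTML entity."""
    findings = []
    for m in re.finditer(re.escape(canary), body):
        pos, raw, encoded = m.end(), [], []
        for ch in probe:
            ent = _ENTITY.match(body, pos)   # entity check first: a raw '&' would also match '&amp;'
            if ent and html.unescape(ent.group(0)) == ch:
                encoded.append(ch)
                pos = ent.end()
            elif body.startswith(ch, pos):
                raw.append(ch)
                pos += 1
            else:
                break                        # character was dropped or rewritten: stop here
        findings.append((m.start(), raw, encoded))
    return findings


if __name__ == "__main__":
    for offset, ctx in find_reflections(SAMPLE_REFLECTION):
        print(f"offset {offset:4d}: {ctx}")
    for offset, raw, enc in echoed_probe(SAMPLE_PROBE):
        print(f"offset {offset:4d}: raw={''.join(raw)!r} encoded={''.join(enc)!r}")
```

Checking entities before raw characters matters for `&`: a server that encodes correctly returns `&amp;`, which also starts with a raw `&`. The context labels map directly onto which Repeater or Intruder payload set to try next, and a probe that stops early (the `break`) tells you the input was truncated or filtered rather than encoded.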

Burp Extensions for XSS

| Extension | Purpose |
|---|---|
| Hackvertor | Advanced payload encoding/transformation |
| XSS Validator | Confirm XSS execution in headless browser |
| Reflector | Highlight reflected parameters in proxy |
| Active Scan++ | Enhanced active scanning rules |

CSP Bypass Techniques

| Weakness | Bypass |
|---|---|
| unsafe-inline | Direct <script> injection |
| unsafe-eval | Use eval(), setTimeout() |
| Whitelisted CDN | JSONP callback or Angular gadgets |
| Missing base-uri | <base> tag hijack for relative scripts |
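The four weaknesses in the table are all visible in the policy string itself, so the quickest triage is to parse the `Content-Security-Policy` response header and report them before spending Repeater time. This added example (not part of the skill folder or of Burp) does that; `parse_csp`, `lint_csp` and the two sample policies are assumptions introduced here. Two details it applies beyond the table: browsers ignore `'unsafe-inline'` once a nonce or hash source is present, and `'strict-dynamic'` makes the host allowlist inert, so neither is reported in those cases.

```python
def parse_csp(header):
    """Parse a Content-Security-Policy header value into {directive: [sources]}.
    The first occurrence of a directive wins, as it does in browsers."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_script_src(policy):
    """script-src falls back to default-src when it is absent."""
    return policy.get("script-src", policy.get("default-src", []))


def lint_csp(header):
    """Report the CSP weaknesses from the table above as a list of strings."""
    policy = parse_csp(header)
    findings = []
    if "script-src" not in policy and "default-src" not in policy:
        findings.append("no script-src or default-src: script loading is unrestricted")
    script = effective_script_src(policy)
    keywords = {s.lower() for s in script if s.startswith("'")}
    hosts = [s for s in script if not s.startswith("'")]
    nonce_or_hash = any(k.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                        for k in keywords)
    if "'unsafe-inline'" in keywords and not nonce_or_hash:
        findings.append("unsafe-inline: inline <script> and event handlers are allowed")
    if "'unsafe-eval'" in keywords:
        findings.append("unsafe-eval: eval() and setTimeout(string) are allowed")
    if "'strict-dynamic'" not in keywords:       # strict-dynamic makes the host list inert
        for h in hosts:
            if h in ("*", "http:", "https:", "data:") or h.startswith("*."):
                findings.append(f"over-broad script source {h}")
            else:
                findings.append(f"whitelisted host {h}: review for JSONP endpoints or script gadgets")
    if "base-uri" not in policy:
        findings.append("missing base-uri: an injected <base> tag can redirect relative script URLs")
    return findings


# Constructed sample policies (not taken from any real site).
WEAK_CSP = ("default-src 'self'; "
            "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.example.com")
HARDENED_CSP = ("default-src 'self'; "
                "script-src 'self' 'nonce-r4nd0m' 'strict-dynamic'; "
                "base-uri 'none'; object-src 'none'")

if __name__ == "__main__":
    for label, header in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(f"{label}: {lint_csp(header) or ['no findings']}")
```

Run it against the header captured in Proxy history for the page under test; the weak sample yields one finding per row of the table, the hardened sample none. A host finding is a review prompt, not a confirmed bypass: whether a whitelisted origin actually hosts a JSONP endpoint or an AngularJS build still has to be checked by hand.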

References