For XSS hunt for

• Input fields in the web page
• URL parameters

If any application is blocking your IP after trying a XSS payload :

1. Use wafwof https://github.com/EnableSecurity/wafw00f
2. Then search for potential bypasses on the internet (twitter, medium, google, chatgpt)

CLI tools:

• https://github.com/faiyazahmad07/xss_vibes

Types of XSS

Quick Notes :

• Whenever the input field is stored inside a <script> tag, we can use JavaScript syntax to close the string elements and try to put our payloads.
• To make XSS payloads
  • https://portswigger.net/web-security/cross-site-scripting/cheat-sheet