Seven Techniques to Bypass Almost Every XSS Filter




Welcome back to the Hackers Creed blog. Today we are going to discuss seven different XSS filter bypass techniques that can be used to bypass almost every XSS filter on the web.

But before getting to the real topic, we should know how most web developers implement XSS filters. It is almost always done using regular expressions. If you don't know what a regular expression really is, here is the basic definition:

A regular expression (regex or regexp for short) is a special text string for describing a search pattern. You can think of regular expressions as wildcards on steroids.


So now let's move to the real topic.



#Technique 1 [Size Detection]


The first and most important technique is using a general payload to test the complexity of the filter. I mean we can simply inject

<x onxxx=1

If it is accepted, we can move on and increase the number of x characters in the payload.
Example:

<x onxxx=1      --> Accepted
<x onxxxx=1     --> Accepted
<x onxxxxx=1    --> Accepted
<x onxxxxxx=1   --> Blocked

So here the maximum size of the event handler can be 8 characters. By using this technique we can figure out the maximum payload size accepted by the filter. After figuring out the maximum number of characters the filter accepts, the WebGun XSS payload generator can be used to generate payloads of that size.






#Technique 2 [Encoding]


Encoding plays a very important role in bypassing XSS filters.
URL-encoding the characters of the payload one at a time can be used to probe the filter.
For example:

%3Cx onxxx=1

<%78 onxxx=1

<x %6Fnxxx=1

<x o%6Exxx=1

<x on%78xx=1

<x onxxx%3D1







#Technique 3 [Mixed Case]


A combination of uppercase and lowercase characters can be used to bypass some of the filters.

Example:

<X onxxx=1

<x ONxxx=1

<x OnXxx=1

<X OnXxx=1







#Technique 4 [Doubling]


Maybe the filter only filters out the first occurrence of the pattern and leaves the second one, like in HTTP parameter pollution.

Example:

<x onxxxx=1 onxxxx=1



#Technique 5 [Encoded Spacers]


The following spacers can be used between the tag and the event handler.

Example:

<x/onxxx=1

<x%09onxxx=1

<x%0Aonxxx=1

<x%0Conxxx=1

<x%0Donxxx=1

<x%2Fonxxx=1



#Technique 6 [Quotes]


Sometimes quotes act like a boss in the payloads.

Example:

<x 1='1'onxxx=1

<x 1="1"onxxx=1







#Technique 7 [Combo]


We can combine all of them to get an atom bomb.

Example:

<x 1='1'onxxx=1

<x 1="1"onxxx=1
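To see why all seven techniques work against the same kind of filter, here is an added example (not code from the original post) that models a regex blacklist of the sort described above, replays the post's own variants against it, and then shows the defence that makes the variants irrelevant: encoding untrusted data for the HTML context it is written into, at output time, instead of trying to recognise attacks in the input. The regex, the variant strings and the names BLACKLIST, naiveStrip, survives, bypasses, escapeHtml and allNeutralised are this example's own assumptions.

```javascript
// Added example, not code from the original post. It models the regex-blacklist
// style of filter the post describes, replays the post's own variants against
// it, and shows the defensive alternative: contextual output encoding.
// All names here (BLACKLIST, naiveStrip, survives, escapeHtml) are this example's own.

// A typical blacklist: "<tag on...=" with a handler of 1-5 letters, applied to
// the raw input (before URL decoding), lowercase only, whitespace separator only.
const BLACKLIST = /<\w+\s+on[a-z]{1,5}=/;

// Removes the first match only: a non-global regex is a common filter mistake.
function naiveStrip(input) {
  return input.replace(BLACKLIST, '');
}

// Oracle: does an event-handler attribute still reach the page once the
// server has URL-decoded what the filter let through?
function survives(input) {
  return /on\w+=/i.test(decodeURIComponent(naiveStrip(input)));
}

// Constructed inputs: the post's baseline plus one variant per technique.
const variants = {
  baseline:  '<x onxxx=1',         // stripped by the blacklist
  size:      '<x onxxxxxx=1',      // technique 1: handler longer than {1,5}
  encoding:  '<x %6Fnxxx=1',       // technique 2: "o" is URL-encoded
  mixedCase: '<x ONxxx=1',         // technique 3: regex has no /i flag
  doubling:  '<x onxxx=1 onxxx=1', // technique 4: only the first copy is stripped
  spacer:    '<x/onxxx=1',         // technique 5: "/" is not matched by \s
  quotes:    '<x 1="1"onxxx=1',    // technique 6: attribute sits before the handler
};

// Names of the variants that get past the blacklist.
function bypasses() {
  return Object.keys(variants).filter((k) => survives(variants[k]));
}

// Defensive alternative: stop trying to recognise attacks in the input. Encode
// untrusted data for the HTML context it is written into, at output time and
// after all decoding, so "<" can never open a tag whatever its case or spacing.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Every variant, once encoded, contains no raw "<" and so cannot start a tag.
function allNeutralised() {
  return Object.values(variants).every((v) => !escapeHtml(v).includes('<'));
}
```

Only the baseline is caught; the other six variants all survive the blacklist, while every one of them is inert after escapeHtml. Pair output encoding with a Content Security Policy rather than adding more patterns to the regex.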


Thank you for being part of the hackerXcreed community. I hope you enjoyed the tutorial.

#hack2learn
