This Python script fuzzes a given URL to identify bytes and special characters that a Web Application Firewall (WAF) strips. It then generates XSS payloads that use the stripped bytes to bypass the WAF.
- Fuzzes a URL to identify stripped bytes and special characters.
- Automatically generates XSS payloads based on identified stripped bytes.
- Provides detailed output for analysis.
- Python 3.x
- `requests` library
- Clone the repository or download the Python script.
- Install the `requests` library if you haven't already. You can install it using pip: `pip install requests`
python3 byte_stripper.py "https://example?parameter=[FUZZ]"
The script provides real-time feedback during fuzzing, indicating whether each byte was stripped or not. After fuzzing, it prints the XSS payloads generated based on the stripped bytes.
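On the defending side, a byte-by-byte sweep like the one described above is visible in web server access logs. The following is an added example, not part of this project's code: it flags any client that sends an unusually wide range of special bytes through a single parameter. It assumes combined-format access logs and that each probe carries one percent-encoded byte in the fuzzed parameter; the function names, the `zz` marker, the threshold and the sample log lines are constructed for illustration.

```python
import re
import string
from collections import defaultdict
from urllib.parse import unquote_to_bytes

ALNUM = frozenset((string.ascii_letters + string.digits).encode())
# Common/combined log format: client, identity, user, [time], "METHOD target PROTO"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def probe_bytes(raw_value):
    """Decode a still-percent-encoded value and return its non-alphanumeric bytes."""
    return set(unquote_to_bytes(raw_value.replace("+", " "))) - ALNUM

def detect_byte_sweeps(log_lines, min_distinct=32):
    """Map (client, path, param) -> distinct special bytes seen, for suspected sweeps."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        client, target = m.groups()
        path, _, query = target.partition("?")
        for pair in query.split("&"):
            name, _, value = pair.partition("=")
            if name:
                seen[(client, path, name)] |= probe_bytes(value)
    # Ordinary traffic uses a handful of special bytes per parameter; a sweep uses most.
    return {key: len(b) for key, b in seen.items() if len(b) >= min_distinct}

def sample_log():
    """Constructed log: one client sweeping all 256 byte values, one ordinary client."""
    fmt = '{} - - [01/Jan/2024:00:00:00 +0000] "GET /search?q={} HTTP/1.1" 200 512'
    lines = [fmt.format("203.0.113.7", "zz%{:02X}zz".format(b)) for b in range(256)]
    for value in ("hello+world", "caf%C3%A9", "a%26b"):
        lines.append(fmt.format("198.51.100.20", value))
    return lines

if __name__ == "__main__":
    for (client, path, param), count in detect_byte_sweeps(sample_log()).items():
        print(f"{client} swept {count} distinct special bytes through {path}?{param}")
```

The threshold of 32 is a starting point; tune it against the special characters your own application legitimately receives per parameter.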
The following features are planned for upcoming releases:
- Support for Raw HTTP Requests: The tool will be able to read raw HTTP requests from a file to perform fuzzing, eliminating the need to manually specify the URL in the command line.
This tool is intended for ethical hacking and lawful penetration testing activities. The developer assumes no liability for any misuse or damage caused by this program.
Zilbon, Pentester, OSCP