A script written in Python 3 to spread blind cross-site scripting payloads in HTTP request headers
Description
Blinder is an automation tool written in Python 3 that sends blind payloads to HTTP servers using XSShunter or a custom request bin. It accepts custom payloads, so you can also test for other issues such as SSTI, CSTI and XSS.
Installation
git clone https://github.com/DEMON1A/Blinder
cd Blinder
python3 Blinder.py [ARGS]
How To Use:
Basic:
This is Blinder's basic usage: specify your XSShunter username with the -u argument and the file of URLs with the -f argument.
python3 Blinder.py -u xsshunter -f urls-file.txt
Redirections
To disallow or allow redirects in Blinder, use the -r option with either the deny or the allow string.
If you want to use more than one payload, separate them with the , character, for example: "><script>alert(1)</script>,"><svg/onload=alert(1)>. If a payload itself requires the , character, so that it cannot serve as the separator, use the -s option to choose another separator character.
By default, Blinder uses XXX as the string that it replaces with the XSShunter/requestbin URL. In case that can't be used with your payload and your payload contains XSS inside of it, you can always use the --replace argument to choose another string to be replaced.
By default, Blinder sends the payloads in the User-Agent header, because that value is more likely to be stored by the web application in request logs and similar places. You can use a custom header instead in case you're testing for a known vulnerability, a CVE or anything else.
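
Because the User-Agent value ends up in request logs, the place to catch and neutralize it is wherever those logs are parsed and displayed. The following Python is an added example, not part of Blinder: it flags User-Agent fields containing markup or template delimiters and shows the escaped form a log viewer should emit. The log lines are constructed samples in Apache combined format, and the function names and check list are assumptions made for illustration.

```python
import html
import re

# Constructed sample lines in Apache "combined" format (not real traffic).
# The two flagged User-Agent values reuse the payload strings quoted on this page.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 512 "-" "\\"><script>alert(1)</script>"',
    '203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 512 "-" "\\"><svg/onload=alert(1)>"',
]

# The last two quoted fields are Referer and User-Agent; Apache logs a literal " as \".
TAIL = re.compile(r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"\s*$')

# Characters and delimiters that ordinary browser User-Agent strings do not contain.
CHECKS = {
    "html-markup": re.compile(r'[<>]'),
    "attribute-breakout": re.compile(r'"'),
    "template-delimiter": re.compile(r'\{\{|\$\{|<%'),
}

def extract_user_agent(line):
    """Return the User-Agent field with \\" and \\\\ unescaped, or None if unparseable."""
    m = TAIL.search(line)
    return re.sub(r'\\(["\\])', r'\1', m.group("ua")) if m else None

def suspicious_reasons(ua):
    """Names of every check the value trips; an empty list means it looks ordinary."""
    return [name for name, rx in CHECKS.items() if rx.search(ua)]

def render_cell(ua):
    """What a log viewer should emit: the value escaped so it displays as text."""
    return "<td>" + html.escape(ua, quote=True) + "</td>"

def scan(lines):
    """Return (line_number, user_agent, reasons) for lines an analyst should review."""
    hits = []
    for n, line in enumerate(lines, 1):
        ua = extract_user_agent(line)
        if ua is None:
            hits.append((n, None, ["unparseable"]))
        elif suspicious_reasons(ua):
            hits.append((n, ua, suspicious_reasons(ua)))
    return hits

if __name__ == "__main__":
    for n, ua, reasons in scan(SAMPLE_LOG):
        print(n, reasons, render_cell(ua or ""))
```

Flagging is only a triage aid; the escaping in `render_cell` is the control that stops a stored header value from executing in an admin's browser.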