# XSS Methodology

1. **Discovery and Mapping:**
   * [ ] Enumerate all endpoints, parameters, and user inputs.
   * [ ] Identify entry points such as query parameters, request bodies, and HTTP headers.
2. **Generate Test Inputs:**
   * [ ] Use a unique, searchable marker value for each entry point so that any reflection can be traced back to its origin.
   * [ ] Inject these values and observe whether and how they are reflected or stored.
3. **Submit and Observe:**
   * [ ] Submit the test inputs to all identified entry points.
   * [ ] Monitor both the immediate and subsequent HTTP responses for reflection or persistence of the input data.
4. **Context Analysis:**
   * [ ] Analyse where and how the input is reflected or stored in the application.
   * [ ] Pay attention to the surrounding HTML, JavaScript, or attribute context to craft effective payloads.
5. **Crafting XSS Payloads:**
   * [ ] Create payloads suitable for the identified contexts.
   * [ ] Alternatively, use a pre-made payload list.
6. **Payload Testing:**
   * [ ] Fuzz with the crafted payloads.
   * [ ] For reflected XSS, test if the payload is reflected in the immediate response.
   * [ ] For stored XSS, check if the payload persists in storage and is executed in subsequent responses.
   * [ ] For DOM-based XSS, examine the client-side JavaScript source, trace the flow from the input source to any DOM sinks, then test payloads that interact with those sinks.
7. **Browser Execution:**
   * [ ] Execute the payloads in a browser to verify script execution.
   * [ ] Use simple JavaScript like `prompt(document.domain)` to test for execution.
8. **Document Reflections and Payload Execution:**
   * [ ] Document the precise location and context of each reflected, stored, or DOM-based input.
   * [ ] Take note of successful payloads and their outcomes.
9. **Exploit Refinement:**
   * [ ] If the initial payloads are blocked or sanitized, refine them by using different encodings or obfuscation techniques.
   * [ ] Consider all possible filter bypass techniques based on the application's behavior.
10. **Automated Scanning:**
    * [ ] Use automated scanning tools to identify potential XSS vulnerabilities. Manual confirmation remains necessary, as automated tools produce both false positives and false negatives.
11. **Test for Browser Quirks:**
    * [ ] Test how different browsers interpret the payloads. Some browsers may encode or decode inputs differently, affecting payload delivery.
12. **Confirm Persistent Storage (Stored XSS):**
    * [ ] Verify that the payload is stored and executed across sessions or different user accounts, confirming a stored XSS vulnerability.
13. **Check for Execution Context (DOM-based XSS):**
    * [ ] For DOM-based XSS, use browser developer tools to check how the payload is handled by the browser's JavaScript engine.
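
Step 4 (Context Analysis) matters because each reflection context has its own delimiters, and therefore its own correct encoding; a payload that works in HTML text fails in a quoted attribute or a JavaScript string, and vice versa. The following added example (not part of the original checklist) shows the defensive side of that observation: one constructed untrusted value rendered into an HTML text node, a double-quoted attribute and a JavaScript string literal, each with the encoder that context requires, plus a check that reports when an encoder borrowed from another context leaves a breakout character behind. All function names and the sample value are this example's own; the attribute encoder assumes the template always double-quotes the attribute.

```javascript
// Added example, not part of the original checklist: context-aware output
// encoding, the defensive counterpart to step 4 ("Context Analysis"). The same
// untrusted string lands in three contexts below and each needs its own
// encoder; an encoder borrowed from another context leaves a breakout.
// All function names are this example's own; the sample value is constructed.

// Constructed sample containing every delimiter relevant to the three
// contexts: a double quote, tag brackets, a single quote and a trailing backslash.
const UNTRUSTED = '"><b>x</b>\' \\';

// HTML text context: entity-encode the five characters that can start or
// end a tag, attribute or entity.
function encodeHtmlText(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Quoted attribute context: hex-entity-encode everything outside [A-Za-z0-9],
// so the value can neither close the quote nor introduce a new attribute.
// Assumes the template wraps the attribute value in double quotes.
function encodeHtmlAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu,
    (c) => `&#x${c.codePointAt(0).toString(16)};`);
}

// JavaScript string-literal context: \xHH / \uHHHH-escape everything outside
// [A-Za-z0-9]. This also neutralises "</script>" and the U+2028/2029 line
// terminators, which plain quote-escaping does not.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? `\\x${code.toString(16).padStart(2, '0')}`
      : `\\u${code.toString(16).padStart(4, '0')}`;
  });
}

// The common mistake: backslash-escaping quotes only. Only ever adequate in a
// JS string literal that is guaranteed never to contain "</", and wrong in
// every HTML context.
function naiveBackslashEscape(s) {
  return String(s).replace(/["'\\]/g, (c) => `\\${c}`);
}

// Renders one value into all three contexts with the matching encoder.
function renderProfile(displayName) {
  return [
    `<p>Hello, ${encodeHtmlText(displayName)}</p>`,
    `<input type="text" value="${encodeHtmlAttribute(displayName)}">`,
    `<script>var name = "${encodeJsString(displayName)}";</script>`,
  ].join('\n');
}

// Returns true when the encoded segment still contains a character that
// ends the given context. Conservative on purpose: both quote kinds are
// flagged in attribute context.
function breaksOutOf(context, encoded) {
  if (context === 'text') return /[<>]/.test(encoded);
  if (context === 'attribute') return /["'<>=\s]/.test(encoded);
  // js: drop well-formed backslash escapes, then look for a raw quote, a line
  // terminator, a dangling backslash, or the "</" that can begin </script>.
  const rest = encoded.replace(/\\[\s\S]/g, '');
  return /["'\\\n\r\u2028\u2029]|<\//.test(rest);
}

// Pairs each context with the right encoder and with a borrowed one, and
// reports which combinations leave a breakout for the given input.
function mismatchReport(input) {
  return {
    correctText: breaksOutOf('text', encodeHtmlText(input)),
    correctAttribute: breaksOutOf('attribute', encodeHtmlAttribute(input)),
    correctJs: breaksOutOf('js', encodeJsString(input)),
    htmlTextEncoderInJs: breaksOutOf('js', encodeHtmlText(input)),                    // trailing "\" survives
    naiveBackslashInAttribute: breaksOutOf('attribute', naiveBackslashEscape(input)), // \" still contains "
    naiveBackslashInJs: breaksOutOf('js', naiveBackslashEscape(input)),               // "</" survives
  };
}

console.log(renderProfile(UNTRUSTED));
console.log(mismatchReport(UNTRUSTED));
```

Run with `node`: the three `correct*` entries come back `false` (no breakout), while the three borrowed-encoder entries come back `true`. When documenting a finding under step 8, recording the context in these terms (text, attribute, script) tells the developer which of these encoders was missing or misapplied, which is usually the whole fix.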
