DalFox – Parameter Analysis and XSS Scanning tool
Dalfox tool is a fast, parameter analysis and Cross-site Scripting (XSS) scanner tool based on a DOM(Document Object Model) parser. The XSS Dalfox has some additional features that test for SQL injection(SQLi), Server-Side Template Injection(SSTI), and open-redirects. Dalfox is a Golang language-based tool. Dalfox is also capable of finding reflected, stored, and blind XSS on the target web application. The basic concept is to analyze parameters, find XSS, and verify them based on the DOM Parser.
Key Features:
- Dalfox does Parameter Analysis to find reflected parameters.
- Dalfox finds free/evil characters and makes Identification of injection point
- Dalfox does static Analysis, checks for bad-headers like CSP, X-Frame Options, etc.
- Dalfox does optimization queries for payloads, checks the injection point through abstraction, and generates a fitted payload.
- Dalfox eliminates unnecessary payloads based on wrong char.
Installation of Dalfox Tool in Kali Linux
Step 1: Update the Package lists using the following command.
sudo apt update
Step 2: Install the snapd on Kali Linux using the following command.
sudo apt install snapd
Step 3: Enable and start both the snapd and the snapd.apparmor services with the following command.
systemctl enable --now snapd apparmor
Step 4: Install Dalfox using snapd. Use the following command.
sudo snap install dalfox
Step 5: Check the help page for Dalfox tools for better understanding. Use the following command
dalfox --help
Working with Dalfox
Example 1: Single Target Mode
Now, we have successfully installed Dalfox on our system. Now it’s time to actually work with Dalfox.
dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff -b https://hahwul.xss.ht
1. From the screenshot below, you can see vulnerable parameters are detected along with the payload.
2. We have found DOM Object XSS. Payload is also designed by the tool itself.
<img/src/onerror=.1|alert`` class=dalfox>
3. Now, we will copy the full address link at which XSS is triggered.
http://testphp.vulnweb.com/listproducts.php?artist=123&asdf=ff&cat=123%22%3E%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%60%60+class%3Ddalfox%3E
4. Pasting the link address in the Web Browser to check if an XSS is a Popup or not.
Example 2: Multiple target mode from file
1. We have Multiple Targets URL in targets.txt.
2. XSS is detected on one of the target URL, now we are just copying the link to verify whether XSS Popups triggers or not.
3. Copying the URL in Browser triggers XSS
Example 3: Pipeline mode
1. We have used dalfox pipeline command with assetfinder and gau tool.
2. We have Detected XSS on one of the parameters of testphp.vulnweb.com.
By running these commands, you can find any type of XSS in your target domain.