Page 76 - Hands-On Bug Hunting for Penetration Testers
Unsanitized Data – An XSS Case Study Chapter 4
Once you're at the Intruder window, go to the Positions tab where you can see the 1045
request parameters and cookie IDs already selected as Payload Positions. Let's go ahead
and leave these defaults and move over to the Payloads tab to choose what we'll be filling
these inputs with. In order to integrate with the XSS Validator extension, we need to make
changes to these first three payload-related settings, as follows:
Payload Sets
For the second drop-down, Payload Type, select the Extension-generated option.
Payload Options
When you click Select generator..., you'll open a modal where you can choose XSS Validator
Payloads as your generator.