Xss test Api

XSSOnline is now accessible as a webservice.

Can be used for n number of http requests. (n > 0 & n < 100)

Find the api description as below


  • Endpoint: http://www.iseebug.com/XSSApi/process
  • Method: GET
  • Parameters

url – url should be base64 encoded

apikey – as provided below.

Example url:


Response: json

Note: changes into the services will be posted at the bottem

Blockchain explained in Java

Quoting from Wiki

A blockchain, originally block chain, is a growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a merkle tree root hash).

How about a functional code written in Java to understand Blockchain actual working.

We will create a Crypto Wallet
We will send amount from a wallet to another.

What are the basic Objects i can think of in the Crypto transactions ?

A Block which holds the valid transactions that are hashed and encoded.
A Wallet holding with the address and basic properties.
A Transaction which will happen when one send or receive.

Transaction input and output.

Classes created as below:

  • Block.java
  • BlockChainTransaction.java
  • BlockChainTransactionInput.java
  • BlockChainTransactionOutput.java
  • BlockChainWallet.java
  • PoloChain.java
  • UtilMain.java

Continue reading

One time self destructing link to share secure data using php

When you want to share some data and it should be expired after the number of view then take a look at this work.

The below demo will generate a link which will be expired after single view.

This is fofG.php which generate links. DB schema at the bottom.

This is fofAuth.php which will render the data you want to share and can be viewed only once.

schema name “fof”

Demo – http://www.iseebug.com/fof/fofG.php Link Generator

Download- http://www.iseebug.com/loads/fof.rar

XSS Testing Online Free Tool | XSS Online Tester | XSS Scanner

Test for the XSS Online. Just put the URL and test for the XSS Tester.

XSS Tester exploits the ‘same-origin-policy’ concept of web applications to allow hackers to extract information from the system. XSS is a ONLINE website TESTER, SCANNER.

XSS Tester, Scanner online free


Click below link to test for the XSS.
Test XSS

Click the link to test for the XSS SCANNER.

XSS Test is an incredibly common vulnerability, and while often appearing trivial, through modern exploitation techniques it can be used in a range of ways: from acting on behalf of application users, stealing identities in the application, redirecting traffic or even introducing fake content into a corporate website. Just as other exploits that have developed over the years, counter-measures have also been added. Unfortunately, attackers have adapted themselves too.

source = indiatimes.com & outpost24.com

Click the link for e-mail spaming.

Email notification service-email Bombing-example

Now a days every app has a module for notifying users through email. The same email module/service when written less carefully can lead to serious misuse by the attacker. Attacker can spam the inbox of any user when the app is vulnerable to this issue. Below is the example of vulnerable webapps test with explanation.

Suppose the reset password functionality is vulnerable to email bombing.

url – https://example.com/lost-password

Open it and you see a form to notify you by email. try putting email and send. Monitor and capture the request.

For now i take below headers:

POST /lost-password HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.04
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://example.com/lost-password
Cookie: lang=en; xyz
Connection: keep-alive
Upgrade-Insecure-Requests: 1

POST data

Looking at the header and body , we can see that their is no way for the web server to track user or to validate the genuine request. So we can replay the same request with different POST data using any client.

Continue reading