Project Details

Tripped.IT is a tool for helping pentesters and bounty hunters find blind XSS vulnerabilities in web applications.

Unlike traditional XSS attacks (reflected or stored), where you get instant feedback as to whether your XSS attack has worked, a blind XSS attack is JavaScript code which may only get executed at a later date. For example, a payload submitted through a contact form will not run until the recipient opens the message (see the video below for how this works).

Each time you create a new project on Tripped.IT you will receive a unique https URL. You can then embed this URL into your JavaScript payload, and if the payload is executed you will receive an email letting you know it has been triggered. When triggered, it records the URL being viewed and any cookies that are set.

As an extra feature, even if the JavaScript isn't executed, it logs any DNS request made for the unique hostname. This can help in confirming SSRF exploits, and also opens the possibility of tunnelling data out over DNS when a client is behind a strict firewall.