XSS
1/ First, choose the target domain or subdomain and browse it.
2/ Open Burp Suite.
# Dashboard
>> Turn off "Live passive crawl from proxy"
>> Proxy
>> Turn on Intercept
>> Browse the target
>> Then send the request to Repeater
>> Then go to Repeater
>> Then send the value to Intruder [ like this: GET /batma%3C12%3E HTTP/1.1 ]
>> Payload
>> Copy the payload tags, then paste them into the payload settings
>> Start attack
>> Then check every payload by tabbing through the results with the focus on the response, and check the changes
>> Go to Repeater and set your name and the acceptable payloads
[ like this: GET /batma%3C12%3E HTTP/1.1 -----------
GET /shanto<contant%20onmouseover=alert(1)> HTTP/1.1 ]
>> Then add a random value, testing
like this: [ GET /shanto<contant%20onmouseover=alert(1)>testing </contant> HTTP/1.1 ]
We have to encode the marked characters. For that,
>> Right-click on the marked characters
>> Convert selection
>> URL
>> URL-encode all characters
>> Send
>> Then click anywhere, copy the URL and browse the link
OR,
>> Copy the payload and paste it into GET /shanto<hgroup onmouseover="alert(1)" style=display:block>test</hgroup> HTTP/1.1
We have to encode the marked payload: URL-encode as you type
>> Then click anywhere, copy the URL and browse it; the pop-up is shown.
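
Added example, not part of the original notes: the fix for the behaviour these steps detect, shown as the page before and after output encoding, with a regression check run over the request paths above. It assumes the application echoes the request path into an HTML page; all function names are hypothetical.

```javascript
// Assumption: the application echoes the request path into an HTML page.
// All function names here are hypothetical, not from any framework.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Decode the percent-encoded path once; malformed encodings stay as received.
function decodePath(rawPath) {
  try {
    return decodeURIComponent(rawPath);
  } catch (err) {
    return rawPath;
  }
}

// Before: the decoded path is concatenated straight into markup.
function renderNotFoundUnsafe(rawPath) {
  return `<p>Page ${decodePath(rawPath)} was not found.</p>`;
}

// After: the same page with the path HTML-encoded at the output boundary.
function renderNotFoundSafe(rawPath) {
  return `<p>Page ${escapeHtml(decodePath(rawPath))} was not found.</p>`;
}

// Regression check: does the response carry the decoded path back with its
// HTML metacharacters intact?
function reflectsRawMarkup(rawPath, html) {
  const decoded = decodePath(rawPath);
  return /[<>"']/.test(decoded) && html.includes(decoded);
}

// Constructed inputs: the request paths from the notes, fully URL-encoded.
const SAMPLE_PATHS = [
  '/batma%3C12%3E',
  '/shanto%3Ccontant%20onmouseover%3Dalert(1)%3Etesting%20%3C%2Fcontant%3E',
];

for (const path of SAMPLE_PATHS) {
  const unsafe = reflectsRawMarkup(path, renderNotFoundUnsafe(path));
  const safe = reflectsRawMarkup(path, renderNotFoundSafe(path));
  console.log(`${path}: unsafe page reflects markup=${unsafe}, safe page=${safe}`);
}
```

With the encoded version, the `<12>` probe from the Intruder step comes back as `&lt;12&gt;`, so none of the tag payloads is parsed as markup.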