Why DBF???

You can identify whether your payload worked or not if you use the DBF framework cleverly. So that you can try different payload

Some websites not allowed to include remote js files. In this case, you can use our advanced payloads to grab a cookie to prove Blind Xss without including remote js.

Some times XSS does not work. In this case, you can try Blind HTML injection and grab private IP/URL, user-agent and the vulnerable field of the frontend form to prove the vulnerability.

If you want to use your custom payload, we can customize the framework to grab your output in some conditions.

Key Features

  • Stored/Blind XSS
  • Blind HTML Injection
  • Blind SSRF
  • Blind XXE Injection
  • Scriptless Attack (CSS keylogger)

Get bounties with Blind XSS

The most found, reported and acknowledged flaw in the web.