What's up folks? So I've been talking a lot about my Bug Bounty journey but I noticed that some of you wanted to know more about it.

I'm not going to share the basics for now, maybe in next article. I'm assuming you've already watched the getting started videos on Youtube. My aim it to show you what you won't find in YT videos.

So today, I'm going to show you exactly how I find reflected XSS in my target. This isn't the only way and I don't say this is the best method.

There are pros out there that specialize in XSS and they find a lot of other types of cross site scripting besides the usual reflected one.

But my knowledge is limited on DOM XSS and a few other ways to find it.

However, I will help you beginners who don't even know how to find it to finding it in a couple of minutes to hours.

Yes, I said hours! because some times, you have to construct payloads manually because no tool is 100%.

The Beginner Way of Getting an XSS

First, if you know or don't know anything about paramspider, just download it in your kali linux.

Then, after you've installed it, pick your domain or target that you're going to hack on.

Let's call it example.com. Now what you got to do it run paramspider on the domain. I'll leave the link here in case you want to know about the command. Here it is.

Done? Now check all the links you've saved with this command. You'll notice it has extracted all the Urls containing parameters.

Now copy the same URLS and paste them into another new txt file saved inside Dalfox.

Haven't installed Dalfox? don't stress just go and download it.

So far in my journey of bb hunting, I have't come accross a tool so powerful as this one. This makes finding Xss like walk in the park.

Now it's time to enjoy our xss

Just one step left and you'll have your dream xss right in front of your eyes. But only if that site is vulnerable. Most sites aren't.

We're now going to run Dalfox on the previously extracted Urls with parameters from Paramspider.

Keep it running for a while and examine each url while it's scanning. Stop where it says reflection found. See the payload it created and copy it and paste it after the parameter.

This is when you can finally celebrate your first XSS finding. There are a lot more ways and many many tools to do the same thing and sometimes using only paramspider isn't enough.

Perhaps, in another article or some other time, I'll teach you about more advanced methods of finding reflected XSS.

But this will get you going and you might just get yours after this article.

Remember that Xss bounty amount ranges from $200 to $1000. So it's totally worth exploring this bug type.