XSS Finder

I wonder if it would be possible to find xss with a bruteforcer.

Like, instead of bruteforcing passes, keep going until it finds a xss for something. I dunno, kinda hard to explain…

try using curl?

yeah xss scanner pretty easy to do.

just read a web page, extract the html post/get variables (get is easier to can for obvious reasons). then you add a xss string to the end of the variable, contruct and view the url then analyse the source to see if your xss string is detected.

then just have that on a loop for each varible / page on the site. pretty simple. takes a fraction longer if your using post variables, but still same princible.

ok. cool. Thanks :)