After you set it up you need to fill Payloads table with your OOB-XSS vectors, so extension will be able to inject your payloads into outgoing requests. Pay attantion that you need to set {URL} alias inside your payload, so the extension will be able to get data from “Your url” field and set it directly to your payload.
Femida is Random Driven Extension, so every payload with “1” inside row “Active” will be randomly used during your active or passive scanning. So if you want exclude any payload or parameter/header from testing just change the “Active” value to 0.
Upload
or Add
button.{URL}
parameter in your payloads.Active
row will be manualy equal 1
. (mean it’s active now)Active
row to 0
Add
button or in Target
/Proxy
/Repeater
with right-click.
case insensitive
.Active
row to 0
.Extension is able to perform both active and passive checks.
After all is setup you can start using extension. First case is passive checks, so we will cover this process now: