Technical Requirements

In this section, we'll continue to configure and use tools from our macOS Terminal command line. We'll also be using Burp Suite, the Burp extension XSS Validator, and information from the SecLists GitHub repository (https://github.com/SecLists) to power our malicious XSS snippet submissions. When we use a browser normally or in conjunction with Burp, we'll continue to use Chrome (66.0.3359.139). Using the XSS Validator extension will require us to install Phantomjs, a scriptable headless browser.