
Posts

Featured

Analysis of Blind XSS Tools, Tactics and Procedures

This blog post is largely based upon the Akamai State of the Internet (SOTI) Defenders' Guide 2025 document here: https://www.akamai.com/site/en/documents/state-of-the-internet/2025/akamai-state-of-the-internet-cybersecurity-defense-guide-2025-report.pdf

OVERVIEW

Akamai's Security Intelligence Group (SIG) conducted a deep analysis of Cross-site Scripting (XSS) data that was captured from the Cloud Security Intelligence (CSI) platform. The goal of this analysis was to identify the specific techniques employed during real-world exploitation attempts vs. simple "proof of concept (PoC)" probing requests to identify vulnerable vectors. More specifically, we analyzed XSS attacks that attempted to embed remote JavaScript resources into pages instead of probes executed by scanners. The vast majority of reflected XSS PoC payloads are essentially benign, and attempt to call one of the following JavaScript methods: alert(), prompt() and confirm(). These ...

Latest Posts