The idea behind this POC is when an attacker is testing for XSS which she can't verify, the probe can be injected which when triggered (if triggered) will show up on the back-end site.
- Get a digital ocean account. You can click this link for $100 free credit across first 60 days: https://m.do.co/c/316c3be750a9
- Create a basic droplet, install Python3 and Flask
- Upload the store.py and run it:
python3 store.py
- Start using your probe!
You can find out more details in my blogpost: http://coffeesec.net/posts/blind-xss-digital-ocean/