A smart way to perform blind XSS attacks

get alerts when your XSS is run on backend systems

Blind XSS is JavaScript which is inserted into things like contact forms and HTTP headers (e.g. browser type, referrer ) which are then later viewed on backend systems such as backend systems, CRM, logging platforms e.t.c, usually by privileged users. It can often be a successful but overlooked attack vector. Tripped.it is the perfect platform to alert you when these such attacks have been successful.

Explainer Video


Email Alerts

Receive 15 minute updates for if any of your XSS attacks have been tripped

DNS Lookups

Logs DNS lookups against your projects URL incase your victim is behind a strict proxy/firewall.

Pass Data Over DNS

Send data over DNS lookups in case web access is not available.

Image Requests

See if image tags are been rendered to check whether attributes such as onerror could be exploitable.

Javascript Requests

See whether the remote javascript code is being loaded

Javascript Execution Confirmation

See whether javascript is being executed and data is being sent back.

Unlimited Projects

You can have multiple projects to keep your requests seperate.


£0.00 per month

  • + Email Alerts
  • + View DNS Lookups
  • + View Image Requests
  • + View JS Requests
  • + View JS Execution Confirmation
  • + Unlimited Projects
  • + Pass data over DNS
  • + 3 Day Data Retention


£10.00 per month

  • As Per Lite
  • + View Victim URL
  • + View Victim Cookies
  • + View Victim HTML
  • + 30 Day Data Retention