Cross-Site Scripting (XSS) is a type of injection that allows users to run custom scripts on a trusted website. By giving a URL to users, an attacker might showcase a custom page on a trusted website or redirect a user, allowing the attacker to steal the user's cookies and perform session hijacking.

1) Download the Firefox browser. This does not require Kali and can be tested on Windows as well as Mac.
2) In Firefox, type
3) Search for
4) Double-click on it to change the value to false.
5) Now open the website which you want to test.
6) Generally, XSS is present in search bars.
7) In the search bar, type and press Enter.
8) If you see an alert box, then the site is vulnerable to cross-site scripting.
9) If it doesn't work, you can try the cheat sheet at
10) If none of that works, there may be some workarounds, but the chances of that are very low and your site is immune to XSS.
11) To learn how to do session hijacking using XSS, keep following this blog.
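
Why the alert box in step 8 appears, and how a site prevents it, shown as an added example that is not from the original post: a hypothetical search page that echoes the query into HTML unchanged, next to a version that HTML-encodes it. The function names and the probe string are constructed for illustration.

```javascript
// Added example: hypothetical search-results renderer, not code from any real site.

// Vulnerable: the search term is concatenated into the page unchanged,
// so any markup in it is parsed by the browser as part of the page.
function renderResultsUnsafe(query) {
  return `<h1>Results for ${query}</h1>`;
}

// HTML-encode the characters that can open a tag or break out of an attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: the same page, with the query encoded before it is written out.
function renderResultsSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Check for your own site's tests: classify how a renderer reflects a probe.
//   'reflected-raw'     -> markup survives intact (vulnerable)
//   'reflected-encoded' -> probe appears only in encoded form (safe in HTML body)
//   'not-reflected'     -> probe does not appear at all
function auditReflection(render, probe) {
  const html = render(probe);
  if (html.includes(probe)) return 'reflected-raw';
  if (html.includes(escapeHtml(probe))) return 'reflected-encoded';
  return 'not-reflected';
}

// Constructed probe: a string containing markup, used only as test input.
const PROBE = '<script>alert(1)</script>';

console.log('unsafe:', auditReflection(renderResultsUnsafe, PROBE));
console.log('safe:  ', auditReflection(renderResultsSafe, PROBE));
console.log(renderResultsSafe(PROBE));
```

Encoding as shown covers text placed in an HTML body; values written into attributes, URLs or inline scripts need the encoding that matches that context.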