# Adding Knoxnl (KNOXSS) to Burp

* Open Burp &gt; Extensions
    
* Install Piper
    
* Go to Piper &gt; Context menu items
    
* Click on Add Button and Enter Name as “knoxnl”
    
* In the **Add menu item** dialog box, enter the **Name** as `knoxnl` and change the **Can handle...** drop down to `HTTP requests only`.
    
* Change both the **Minimum required number of selected items** and **Maximum allowed number of selected items** values to `1`
    
* Click **Edit Button on Command** and the **Command invocation editor** dialog box should be displayed
    
* Now on the “Add Parameter:” input field you’ll need your python3 installed binary, your knoxnl.py file and commands and arguments.
    
* Here’s How you do it:
    
* Enter “which python3” on terminal and you’ll get `/usr/bin/python3`
    
* Go to knoxnl directory ([https://github.com/xnl-h4ck3r/knoxn](https://github.com/xnl-h4ck3r/knoxn)l)
    
* Search for python file (knoxnl.py) and enter pwd in your terminal and you’ll get `/home/intheshell/Tools/knoxnl/knoxnl` something like this (may deffer according to your folder)
    
* Now enter Commands such as `--burp-piper` `-X` `BOTH` `-A your_knoxss_api_key`
    
* Get your api key from [https://knoxss.me/](https://knoxss.me/)
    
* Remember to enter one command per line . For example see the image to understand it properly.
    
    ![](https://miro.medium.com/v2/resize:fit:700/1*oCAwQTagZ8Q6RRpO0bJ7_A.png align="left")
    
    ![](https://miro.medium.com/v2/resize:fit:700/1*7R3DDap1q5kSikoCDEFKvA.png align="left")
    
    ![](https://miro.medium.com/v2/resize:fit:700/1*wWaUkEsqNqDvoC9YgIOQew.png align="left")
    
    ![](https://miro.medium.com/v2/resize:fit:700/1*yplD-tEw_SxD-ocGGhPCAg.png align="left")
    
    ![](https://miro.medium.com/v2/resize:fit:700/1*LDF5C5JVAPnHyagYOfYRUw.png align="left")
    
    ![](https://miro.medium.com/v2/resize:fit:700/1*bvb8y4ovm7cKtKzPZ4-ERQ.png align="left")
    
    ![](https://miro.medium.com/v2/resize:fit:700/1*qgbLP9nR9kYz_ewrskyhsg.png align="left")
    
    * Click the **OK** button on the **Command invocation editor** dialog box.
        
    * Click the **OK** button on the **Edit menu item** dialog box.
        
* Now It’s Ready
    
    ![](https://miro.medium.com/v2/resize:fit:700/1*3__TgDySkaEo_Z4g8tChyw.png align="left")
    
    Now to scan for XSS, right click on a Request and select **Extensions -&gt; Piper -&gt; Process 1 request -&gt; knoxnl**.
    
    A window should open with the title **Piper — knoxnl**. This **Piper** window stays blank until the command is complete (which could be up to 180 seconds — the default value of `-t`/`--timeout`).
    
    ![](https://miro.medium.com/v2/resize:fit:673/1*KiYYXK0NqO-znqY4Ws76NA.png align="left")
    
    So Just wait and When complete, it should show the **knoxnl** output in the same way as on the command line version as shown below.
    
    Just close the window when you have finished.  
    
    All the references are taken from  
    [https://github.com/xnl-h4ck3r/knoxnl#using-in-burp-suite-proxy](https://github.com/xnl-h4ck3r/knoxnl#using-in-burp-suite-proxy)
    
    ##Note: The API key shown above is a Randomly generated Key.