
Payload Processing

Here you'll want to add a rule, choosing Invoke Burp extension as the rule type and then XSS Validator as the processor:

After you've made all these selections, your app's GUI should look like the following:

We need to make one more setting change before we can start our attack. If you head over to the xssValidator tab, you'll see a random string generated in the Grep Phrase field, and you might also spot the bullet point explaining that "Successful attacks will be denoted by the presence of the Grep Phrase":

We want to add that grep phrase into the Grep - Match section in the Options tab so that, when we're viewing our attack results, we can see a checkbox indicating whether our phrase turned up in an attack response:

Once that phrase has been added, we're ready to start our attack. Click the Start attack button in the top-right of the Options view (the button is present in every other Intruder view as well).

After clicking the button, you should see an attack window pop up and start to self-populate with the results of the XSS snippet submissions:

And voila! We can see the presence of our grep phrase, meaning that our submissions have been a success, for several of the tag/attribute combinations generated by the XSS Validator submissions.
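The Grep - Match check above is a plain substring test: a row is flagged whenever the phrase shows up in the response. The added example below (not code from the book or from the XSS Validator extension) models that tabulation offline in Python over a handful of constructed tag/attribute payloads, and pairs a vulnerable renderer with one that HTML-escapes its input, so you can see which side of the fix a given result belongs to. The marker string, the templates and both renderers are assumptions for illustration; the real extension drives a headless browser rather than a regular expression.

```python
import html
import re

# Constructed stand-in for the random Grep Phrase the extension generates.
MARKER = "grepphrase12345"

# Constructed tag/attribute combinations in the spirit of the submissions
# the attack window lists; not the extension's own payload list.
TEMPLATES = [
    "<img src=x onerror={m}>",
    "<svg onload={m}>",
    "<body onload={m}>",
    '<a href="javascript:{m}">x</a>',
]


def vulnerable_render(user_input: str) -> str:
    """Echo the input straight into the page with no output encoding."""
    return f"<p>You searched for: {user_input}</p>"


def hardened_render(user_input: str) -> str:
    """Same page, but the input is HTML-escaped before it reaches markup."""
    return f"<p>You searched for: {html.escape(user_input, quote=True)}</p>"


def marker_reachable(body: str, marker: str) -> bool:
    """Approximate the Grep - Match checkbox, but only count the marker when
    it sits inside a raw (unescaped) tag: a literal '<' starting a tag name,
    the marker somewhere in that tag, and a literal '>' closing it. An
    entity-encoded reflection (&lt;img ...&gt;) never satisfies this."""
    pattern = r"<[a-zA-Z][^>]*" + re.escape(marker) + r"[^>]*>"
    return re.search(pattern, body) is not None


def run_attack(render) -> dict:
    """Submit every template through a renderer; True marks a hit row."""
    results = {}
    for template in TEMPLATES:
        payload = template.format(m=MARKER)
        results[template] = marker_reachable(render(payload), MARKER)
    return results


if __name__ == "__main__":
    for name, render in (("vulnerable", vulnerable_render),
                         ("hardened", hardened_render)):
        hits = [t for t, hit in run_attack(render).items() if hit]
        print(f"{name}: {len(hits)} of {len(TEMPLATES)} rows flagged")
```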
