XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3. https://03c8.net
psy
9882220b77
moved from https://github.com/epsylon/xss-http-injector
|
vor 6 Jahren | |
|---|---|---|
| images | vor 6 Jahren | |
| sandbox | vor 6 Jahren | |
| LICENSE | vor 6 Jahren | |
| README.md | vor 6 Jahren | |
| home.php | vor 6 Jahren | |
| hooker.php | vor 6 Jahren | |
| index.html | vor 6 Jahren |
README.md
XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily.
It is written in HTML + Javascript + PHP and released under GPLv3.
To deploy it:
- run a webserver (ex: apache)
- place tool's folder to be accesible via web browser (ex: /var/www/)
- check permissions (ex: chown -R www-data:www-data /var/www/xss-http-injector/)
- visit it (ex: http://127.0.0.1/xss-http-injector/)
PoC (proof of concept):
There are different 'sandboxes' ready to try your XSS injections, locally.
Enter this info to see how some flags can be exploited:
Hooker:
This feature creates automatically a malicious code that can be sent to targets like a non-suspicious URL (ex: Index.html) to 'hook' them.
If someone click on it, will execute your exploit code. This is nice for cookie grabbing, history stealing, etc..
Use sandboxes to test your hooks locally.
Happy Cross Hacking!