Skip to content

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

Notifications You must be signed in to change notification settings

epsylon/xss-http-injector

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily.

It is written in HTML + Javascript + PHP and released under GPLv3.


To deploy it:

  • run a webserver (ex: apache)
  • place tool's folder to be accesible via web browser (ex: /var/www/)
  • check permissions (ex: chown -R www-data:www-data /var/www/xss-http-injector/)
  • visit it (ex: http://127.0.0.1/xss-http-injector/)

PoC (proof of concept):

There are different 'sandboxes' ready to try your XSS injections, locally.

Enter this info to see how some flags can be exploited:


Hooker:

This feature creates automatically a malicious code that can be sent to targets like a non-suspicious URL (ex: Index.html) to 'hook' them.

If someone click on it, will execute your exploit code. This is nice for cookie grabbing, history stealing, etc..

Use sandboxes to test your hooks locally.

Happy Cross Hacking!

About

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages