epsylon / xss-http-injector

Licence: other
XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flaws can be exploited easily. It is written in HTML + JavaScript + PHP and released under GPLv3.

To deploy it:

  • run a web server (e.g. Apache)
  • place the tool's folder where it is accessible via a web browser (e.g. /var/www/)
  • check permissions (e.g. chown -R www-data:www-data /var/www/xss-http-injector/)
  • visit it (e.g. http://127.0.0.1/xss-http-injector/)

PoC (proof of concept):

There are different 'sandboxes' ready to try your XSS injections, locally.

Enter this info to see how some flaws can be exploited:


Hooker:

This feature automatically creates malicious code that can be sent to targets as a non-suspicious-looking URL (e.g. Index.html) to 'hook' them.

If someone clicks on it, your exploit code will execute. This is nice for cookie grabbing, history stealing, etc.

Use sandboxes to test your hooks locally.

Happy Cross Hacking!
