Skip to content
/ xss-http-injector Public

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

03c8.net
24 stars 15 forks Branches Tags Activity
Star
Notifications

epsylon/xss-http-injector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

images

images

 
 

sandbox

sandbox

 
 

README.md

README.md

 
 

home.php

home.php

 
 

hooker.php

hooker.php

 
 

index.html

index.html

 
 

Repository files navigation

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily.

It is written in HTML + Javascript + PHP and released under GPLv3.

To deploy it:

  • run a webserver (ex: apache)
  • place tool's folder to be accesible via web browser (ex: /var/www/)
  • check permissions (ex: chown -R www-data:www-data /var/www/xss-http-injector/)
  • visit it (ex: http://127.0.0.1/xss-http-injector/)

PoC (proof of concept):

There are different 'sandboxes' ready to try your XSS injections, locally.

Enter this info to see how some flags can be exploited:

Hooker:

This feature creates automatically a malicious code that can be sent to targets like a non-suspicious URL (ex: Index.html) to 'hook' them.

If someone click on it, will execute your exploit code. This is nice for cookie grabbing, history stealing, etc..

Use sandboxes to test your hooks locally.

Happy Cross Hacking!

About

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

03c8.net

Topics

exploit toolkit sandbox xss hooker

Resources

Readme
Activity

Stars

24 stars

Watchers

9 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages