News
Published on January 7th, 2014 📆 | 5943 Views ⚑
0xssless – An Automated XSS Payload Generator Written In Python
xssless is an automated XSS payload generator written in python.
Usage
- Record request(s) with Burp proxy
- Select request(s) you want to generate, then right click and select “Save items”
- Use xssless to generate your payload: ./xssless.py burp_export_file
- Pwn!
[adsense size='1']
Features
- Automated XSS payload generation from imported Burp proxy requests
- Payloads are 100% asynchronous and won’t freeze the user’s browser
- CSRF tokens can be easily extracted and set via the -p option
- POST multipart is supported, along with XSS file uploading via the -f option
- Payloads are dynamic and portable (due to relative URLs)
- Crazy JavaScript worms with no hassle!
Installation/Download
Download the latest xssless:
1
|
git clone https://github.com/mandatoryprogrammer/xssless
|
Install dependencies:
1
|
pip install -r requirements.txt
|
Run the script:
1
|
./xssless.py -h
|
Or read more here.
Gloss