News

Published on January 7th, 2014 📆 | 5837 Views ⚑

0

xssless – An Automated XSS Payload Generator Written In Python


iSpeech

xssless is an automated XSS payload generator written in python.

Usage

  1. Record request(s) with Burp proxy
  2. Select request(s) you want to generate, then right click and select “Save items”
  3. Use xssless to generate your payload: ./xssless.py burp_export_file
  4. Pwn!

 

[adsense size='1']

Features

  • Automated XSS payload generation from imported Burp proxy requests
  • Payloads are 100% asynchronous and won’t freeze the user’s browser
  • CSRF tokens can be easily extracted and set via the -p option
  • POST multipart is supported, along with XSS file uploading via the -f option
  • Payloads are dynamic and portable (due to relative URLs)
  • Crazy JavaScript worms with no hassle!

Installation/Download

Download the latest xssless:

1
git clone https://github.com/mandatoryprogrammer/xssless

 

Install dependencies:

1
pip install -r requirements.txt

 

Run the script:

1
./xssless.py -h

 

Or read more here.

 

Tagged with:



Leave a Reply

Your email address will not be published.